Because outside of the tech industry, not many people know about the .io TLD. If you have a company, I think it's natural that many people's first thought would be to go to <company name>.com (if they don't google it)
If someone saw that <company name>.com doesn't exist, they might think your company doesn't exist or is a scam
I don't know if .com specifically matters, but buying a domain under control of a foreign government is definitely a risky choice. I have no direct reason to mistrust the administration of the British Indian Ocean Territory, but if there's ever a problem between whoever controls the military bases in there and your local government, you're in for quite a mess. A lot of vanity TLDs have this problem, some worse than others.
I don't think general consumers care all that much, though the older consumers may have learned that .com means commercial and may distrust foreign/fancy/modern TLDs (or get confused about them, like typing in rootlocus.tech.com instead of rootlocus.tech, for example).
There are known colonialist geopolitical problems with .io domains [1]. The islands are controlled by the British and were depopulated for a US military base. The British control the domain TLD and none of the funds go to the islands (or their former population).
If someone saw that <company name>.com doesn't exist, they might think your company doesn't exist or is a scam