While the claim that Bitlocker is used to encrypt them is true, it’s really not good enough here. The files are unencrypted during a live session, which makes them an easy target for malware.
Not just during a live session -- whenever Windows is running. Nobody needs to be logged in or actively using the machine for the files to be readable in unencrypted form.