[mcdigman]

Because the internet facing machine could have been infected with malware that allows someone to read the decrypted message, and send it back over the internet. First, being compromised in the first place is less likely for the machine not connected to the internet, because it is booted fresh from a CD-ROM every time, and the CD is read only, so in order to install something unwanted on the computer the attacker would have to physically replace the CD. Second, even if it were compromised, it is not connected to the internet, so there should not be any way for it to transmit the information, again unless someone has physically bugged the machine.