They _don't_ trust you to do that stuff. Not unilaterally at least. In a healthy system you generally aren't able to change anything without sign off from multiple other people.
If I have a group of N people who I individually don't trust not to use mike1234 as a password, I wouldn't trust them as a collective either - at least until N gets impractically large.
Also the argument they make is, they don't trust every single component of your machine, and want to mitigate the damage caused by an attacker or malware breaking in and impersonating you.