You wanted to "track down an actual reason for this change" ? Try this:
CVE-2011-3148 CVE-2011-3149 As summarised by Redhat (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.4_technical_notes/pam): If an application's PAM configuration contained user_readenv=1, a local attacker could use this flaw to cause the application to enter an infinite loop.
