#16
Originally Posted by OrangeBox
I disagree. This is how millions of Windows Servers are being administered around the world. When VPN is not an option, we usually lock down access for the source IP. This should work even for people who are on DSL at home since the IP does not change that often. Also username, password, domain name must be given.
By people not concerned about security - inexperienced admins, generally. It's trivial to configure a VPN using OpenVPN (free), or even MS Routing and Remote Access (free with MS Server OS). It's not unusual these days for most firewalls to include some sort of VPN functionality. There is no excuse for exposing potentially insecure services such as this to the world these days. Even Microsoft advises opening as few ports to the world as possible. You never know what the next vulnerability in RDP will be, and based on a quick look through old KB articles, remote code executions and denial of service attacks aren't out of the realm of possibility.

Originally Posted by OrangeBox
Yes, by default is the key here. I let you write up a tutorial for the certificates ;-) to prevent MIMs
Even if they were told to do so and how, it would currently break access using rdesktop.

Originally Posted by OrangeBox
And the point here is?
The only way to verify the identity of the remote server is using TLS. TLS is not supported by rdesktop, therefore there is no way to mitigate MITM attacks. Tunneling the traffic through a VPN greatly reduces the likelihood of a MITM attack, though, which is another reason I advise against accessing RDP without any other security mechanisms in place.

Originally Posted by OrangeBox
PPTP is by far the easiest VPN configuration. Hope Maemo will add support to it. OTOH most mainstream firewalls allow you to connect via IPSEC and SSL-VPN in addition to PPTP.
From what I can tell, MPPE support has not been built with the default Maemo kernel, so it'll take a bit of work to get a PPTP client up and running. Until then, there's nothing stopping you from using something else.

Last edited by rewt; 2010-01-15 at 20:39.