Why does the default setting for `requestPathInvalidCharacters` exclude otherwise-allowed characters?

Question

In ASP.NET, the httpRuntime/@requestPathInvalidCharacters attribute defaults to <,>,*,%,&,:,\\. These characters, as I understand, are disall