They easily could if they wanted to, which is the point.
If at any point in the future, someone wanted to say, "Well, so-and-so may not really have been the one who posted it," or, on the other hand, one of the signers later wanted to renege and say they didn't really sign it, it's going to be a lot harder for anyone to buy that the account credentials and PGP privkey were stolen and used than just that someone somehow spoofed a post from an account.
It's like the difference between posting a +1 retweet and having a signed document notarized. One of those is a lot harder to claim was faked/unauthorized later.
If at any point in the future, someone wanted to say, "Well, so-and-so may not really have been the one who posted it," or, on the other hand, one of the signers later wanted to renege and say they didn't really sign it, it's going to be a lot harder for anyone to buy that the account credentials and PGP privkey were stolen and used than just that someone somehow spoofed a post from an account.
It's like the difference between posting a +1 retweet and having a signed document notarized. One of those is a lot harder to claim was faked/unauthorized later.