Because PCIe allows direct access to everything else.
A USB3 port is already pretty dangerous: you can plug in something that will generate keystrokes or mouse movements and also present storage, so a malicious device can mount itself, copy over a payload, run it, and then pretend to be a cup-warmer again.
Plug in a PCIe device and it gets to control your system.
Kernel DMA Protection requires new UEFI firmware support. This support is anticipated only on newly-introduced, Intel-based systems shipping with Windows 10 version 1803 (not all systems).
So, it's CPU specific, motherboard specific, firmware specific, and OS version specific.
It's CPU specific in the sense that the CPU needs IOMMU instructions (almost everything made in the past 10 years) and OS version specific in that Windows and Linux have both supported it for about 3 years.
The problematic part is that the UEFI needs to support it; it seems most systems with Thunderbolt have enabled it since 2018 and systems without Thunderbolt still don't bother.
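The firmware dependency discussed above can be checked directly. This is an added example, not code from the thread: on Intel VT-d platforms the firmware signals its opt-in through the DMA_CTRL_PLATFORM_OPT_IN_FLAG bit in the ACPI DMAR table, and the sketch below parses that table's header. The Linux path `/sys/firmware/acpi/tables/DMAR` and the sample table bytes are assumptions made for this example; the sample is constructed, not captured from a real machine.

```python
import struct
import sys

# Flag bits in the DMAR table's Flags byte (Intel VT-d specification).
INTR_REMAP = 0x01
X2APIC_OPT_OUT = 0x02
DMA_CTRL_PLATFORM_OPT_IN = 0x04  # firmware asks the OS to enable DMA protection

def parse_dmar(table: bytes) -> dict:
    """Parse the fixed part of an ACPI DMAR table and return its flags."""
    if len(table) < 48:
        raise ValueError("too short for a DMAR table")
    sig, length = struct.unpack_from("<4sI", table, 0)
    if sig != b"DMAR":
        raise ValueError(f"unexpected signature {sig!r}")
    if length < 48 or length > len(table):
        raise ValueError("length field does not match the data")
    if sum(table[:length]) & 0xFF:
        raise ValueError("bad ACPI checksum")
    # Byte 36 is Host Address Width minus one, byte 37 is Flags.
    host_addr_width, flags = struct.unpack_from("<BB", table, 36)
    return {
        "host_address_width": host_addr_width + 1,
        "interrupt_remapping": bool(flags & INTR_REMAP),
        "x2apic_opt_out": bool(flags & X2APIC_OPT_OUT),
        "dma_opt_in": bool(flags & DMA_CTRL_PLATFORM_OPT_IN),
    }

def build_sample(flags: int) -> bytes:
    """Constructed 48-byte DMAR table (no remapping structures) for offline use."""
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 48, 1, 0, b"SAMPLE",
                      b"CONSTRCT", 1, b"TEST", 1)
    body = struct.pack("<BB10x", 38, flags)  # width field 38 means 39-bit addresses
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) & 0xFF  # checksum byte makes the total sum 0 mod 256
    return bytes(raw)

if __name__ == "__main__":
    # Reading the live table on Linux needs root; without a path, use the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample(0x05)
    info = parse_dmar(data)
    print(info)
    print("firmware opt-in for DMA protection:", "yes" if info["dma_opt_in"] else "no")
```

Run it as root with the table path as the only argument to inspect a live system; a table with the opt-in bit clear means the firmware has not asked the OS to turn DMA protection on.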