I am guessing there are some access right restrictions to the API and they haven't added anything like OAuth yet. That's why they need to proxy for it (hunch based on the use of word api-internal in the post).

Another reason might simply be they just don't have the right people to develop the JS front-end.