This is the default behaviour, thought it indeed likely means sensitive referrers are being leaked from website X to third party website Y. In most cases I'd wager people aren't aware this is the default behaviour.
An example where the default behaviour may be appropriate is Facebook interacting with third party apps.
Facebook may be happy to pass referrer information across to these third party apps as long as they handle it securely. If the referrer goes across HTTP, it goes across the Internet in plaintext (unsecure). By ensuring it travels over HTTPS, you're at least ensuring a minimal level of security.
An example where the default behaviour may be appropriate is Facebook interacting with third party apps.
Facebook may be happy to pass referrer information across to these third party apps as long as they handle it securely. If the referrer goes across HTTP, it goes across the Internet in plaintext (unsecure). By ensuring it travels over HTTPS, you're at least ensuring a minimal level of security.