I mean, it's not like the US doesn't. It's just that, practically speaking, there are very few differences between an ICO and an IPO, so there's really no reason why they shouldn't be considered a security.
I agree with your distinction but, its mainly the issue of ICOs not issuing a S-1 with the SEC since they are primary being used to generate funds (legal or not legal).
The Ethereum website has as their "hello world" demos on their website how to make your own token. Obviously not everyone is playing by the rules because we should be having a whole bunch of S-1s that should have been filed.
With over 20k tokens released so far, perhaps this is what should be done. DDOS-ing a SEC would be a nice way to force them to make explicit exceptions for fundraisings of a certain size.
In Europe, from July 21st 2018, you'll be able to do equity crowdfunding below €1M with no prospectus and registration - Kickstarter style. Above that, but below €8M, states will have an option to have extremely simplified procedure, and many of them will take that option (Germany €8M, Poland €5M, and so on).