If two paths actually work, then invariably some web sites will choose to link to your page with http://xyz.com/foo/bar/baz.html and other sites will choose to link with http://www.xyz.com/foo/bar/baz.html. Each version of the URL has its own "referrer count" in a search engine, making the page seem less popular overall.
While search engines could do extra work to identify URLs that are aliases of one another, they're not obligated to do that. And even if a search engine does what you want, other tools may still be confused by duplicate paths (e.g. an archiving system or other link crawler).
Also, people tend to take the redirect as a hint about the canonical name of the site. If nothing else, people copying from the location bar or from other links will tend to end up with the version you redirect to. Only people who manually type URLs (and don't check them with the site to see where they end up) will use the non-canonical name. Between that and the search engine canonicalization mentioned above, I see little danger in redirecting one name to the other so both work.
And on the flip side, making both names work ensures that if anyone does visit or link to the wrong name, they still end up at your site. Intentionally giving a "server not found" error or similar seems like significantly worse behavior.