I think there are probably two reasons depending on the company:
1) They see communication preferences as part of your account details and therefore just lump it in with the rest of them behind the username and password. I think where this is the case they're naive or stupid rather than malicious.
2) In some cases (I think relatively rare but they exist, they actively want to make it harder for you to stop the mailings and know every extra click and keystroke does this. In this case I think they're naive and stupid as well as malicious.