Another thing that is not mentioned in the other answers is the impact of Valve's structure as a company and their philosophies for scalable solutions.
Most Valve employees (if not all) are hired into Valve's culture where each person works on the project of their choice, especially if they feel it is the most valuable contribution they can make to the company. For understandable reasons given this culture, few employees at Valve take interest in customer service/complaint handling.
In addition, Valve views community-driven/game-ified solutions as a principal way of making features scalable. See also: Steam tags, reviews, etc.
For these reasons and because Steam had suffered a rash of account thefts due to the large real-world value of TF2 and CS:GO items, Valve naturally alighted on two-factor authentication as a user-driven way of cutting down on the number of mind-numbing account theft cases they had to handle. They further game-ified adoption of two-factor authentication by making a new level of the community badge and adding two-factor authentication as one of the activities, giving a limited time discount on Steam marketplace for two-factor authentication users, etc.
To sum up, another reason Steam is insistent on security is to free software engineers up to do more engaging work.
Update 12/10/15: As Valve has just explained:
Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has increased twenty-fold as the number one complaint from our users...
We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc.
Restoring 77,000 accounts per month adds up to a ton of time that engineers could be spending on other things.