There are two sides to this question. The first is why does this feature exist at all, and the second is why doesn't the GUI (or the command prompt) make it easier to see and manage the feature.
It exists because it's useful. Several other platforms support multiple data streams per file. On the Mac, they were called forks, for example. I'm reasonably sure that similar things existed in the mainframe world, but can't put my fingers on any explicit examples today.
On modern Windows, it is used to hold extra attributes for a file. You might notice that the Properties box available from Windows Explorer has a Summary tab that in Simple view (I'm on Windows XP, your mileage will differ on the other flavors) includes a bunch of useful fields like Title, Subject, Author, and so forth. That data is stored in an alternate stream, rather than creating some kind of side-car database to hold it all that would get separated from the file too easily.
An alternate stream is also used to hold the marker that says the file came from an untrusted network source that is applied by both Internet Explorer and Firefox on downloads.
The hard question is why there isn't a better user interface for noticing that the streams exist at all, and why it is possible to put executable content in them and worse, execute it later. If there is a bug and security risk here, this is it.
Edit:
Inspired by a comment to another answer, here is one way to find out if your anti-virus and/or anti-malware protection is aware of alternate streams.
Get a copy of the EICAR test file. It is 68 bytes of ASCII text that happens to also be a valid x86 executable. Although completely harmless, it has been agreed by the anti-virus industry to be detected as if it were a real virus. The originators thought that testing AV software with a real virus would be a little too much like testing the fire alarm by lighting the wastebasket on fire...
The EICAR file is:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save it with the extension .COM
and it will execute (unless your AV is paying attention) and print a greeting.
It would be informative to save it in an alternate data stream and run a scan...
1nice, seems like mac resourceforks. – Stefano Borini – 2009-07-24T00:07:31.153
15worse, when you start sol.exe like that, the task manager shows the process name as container.txt – hasen – 2009-07-24T00:27:23.253
16We should bomb google so that "scary" leads to this question – hasen – 2009-07-24T20:30:35.633
4With as long as this has been around, it's still astounding to occasionally run across AV developers/other people that work heavily with the filesystem that STILL don't know about it. I don't expect the average app developer to know about it since there's no need, but if you're heavy into filesystem stuff... :-) – Brian Knoblauch – 2011-06-28T14:32:12.797
Supposedly you can also attach an ADS to a folder. You can delete the ADS by deleting the folder, but when the folder is the root of your drive, you can't delete your C: drive, for example, without reformatting the drive. Seems like a mechanism for creating a hidden rootkit virus to me(?). – HighTechGeek – 2013-10-31T17:55:41.907