To answer the OPs question it's because they can only tell an exploit is harmless after properly investigating it, and with things like gold exploits once you understand them the solution is usually so obvious that there's zero extra work in fixing them.
They have to be investigated because at their core an exploit is unintended results due to circumventing validation processes. This means they have a ton of potential for erratic/dangerous behaviour. It may present as an extra stack of gold in your inventory but what happened/is happening under the surface is a mystery. In the case of persistent data like inventories that are serialised, saved and loaded this has the potential to be especially dangerous. In BG3 there's the added issue of multiplayer. Players can join a game, perform an exploit and leave without the host ever knowing it happened. The host saves the bad data and then a week later their game is crashing 'for no reason.'
Beneficial exploits also tend to be higher profile and meticulously documented by the community so investigating them is significantly easier. A lot of the time you can watch a YouTube video and know before it ends exactly where you need to look to fix the problem. Being more visible means that they have to be investigated more urgently. If there is the slightest chance the advice given when a player types 'bg3 easy gold' into YouTube will crash the game/corrupt a save it has to be patched out.
It's frustrating to see 'fixed - game breaking when players go really far out of their way to break it' in the patch notes instead of more important issues but it's rarely a trade off. They aren't dedicating resources to stopping players getting extra gold it's just the general maintenance of inspecting leaky pipes to make sure they aren't about to burst. The real alarm bell is when they don't have stuff like that in the patch notes. That's when you know the team is spread too thin.
