Security models from the dawn of computing, which operated on assumptions that no longer hold true, including passwords being stored in plaintext in /etc/passwd, then later, crypted in /etc/shadow. If the /etc/passwd file were stolen, then you'd have everyone's password. By forcing the password to be changed every X days, then even if an attacker got a copy of /etc/passwd, those passwords would not work after N days.