User blog comment:DaNASCAT/Technical Update: September 30, 2014/@comment-452-20141003180903/@comment-11733175-20141029110810

Iirc the security update was primarily targeted at stopping CSS loading on Special:Preferences and possibly elsewhere, rather than preventing CSS loading on .js pages. The latter is unique to the oasis skin as a reaction to users causing problems for themselves by adding bad js they then can't remove when editing due to said bad js.

I'd guess the reason it's had this effect is that the method used to prevent js loading is borrowed from the method used to prevent js loading on Special:Preferences. When it was extended for CSS this was a side-effect.

As for the reasoning behind blocking CSS, it was to do with being able to execute js with CSS which I think was a quirk of an older version of IE. There's also numerous ways to manipulate the UI to trick users into clicking something they shouldn't. The ticket associated with this release can be seen at 70672