When we first built maintenance mode, we did consider letting users login but not actually submit any changes. Basically put everything in read only mode.
At the time, it would have added significant amount of extra development and testing to the feature, and the main priority was to be able to easily disable form data getting posted from the front end (custom forms, asset builders, etc).
The reason we also didn’t lock down editing is that we normally change the edit and admin url suffixes as a standard for all of our clients upgrades, as Jason mentioned, which takes care of the editing prevention.
I can see some benefits of easily allowing all non-sys admin users to login to /_admin or /_edit but not being able to do any changes, but all they would really be doing is looking at the content that is already there, which may not really be useful to them if they can’t edit it anyway and can see it on the frontend already.