Your profile sets environment variables, functions, aliases, and many other things. That file having any write access can provide an attack vector.
That said, excuse me if I'm wrong. but normally it's writable by the owner. Though I'm sure some people have a different security view of when...