My understanding is that it's a technical limitation. I read somewhere (maybe a post here on Hacker News) that back in the good old days of telephone monopoly, there was nobody to abuse a zero-security feature like "spoof the number" except the phone company itself, and it was useful for large local corporate phone networks.