Why aren't starter circuits protected?

There's only any point in trying to protect a circuit with a fuse if there is enough headroom between the operating current, and the fault current, to ensure that the fuse won't blow in normal operation, and will blow under fault conditions.

Unfortunately, once you have included all the tolerances, there is no current level you can choose that is guaranteed to avoid nuisance tripping and still have a reasonable chance of working, should the starter motor be locked up for instance. A conventional starter motor is series wound, in order to pull a very high current at start-up.

Having a power fuse blow on the circuit that is going to the engine starter can result in a serious safety issue, especially in marine systems where the inability to start the engine can mean limited or no navigation capabilities. On cars, it can mean not being able to start in an emergency situation. Some cars used to have it. I once rear ended an old Toyota in the middle of a freeway curve that had one and the woman driver blew that fuse trying to re-start her car after it stalled, which killed her entire electrical system including her hazard lights, headlights etc. When my wife wanted to buy a Toyota years later, I asked if they still had that, they assured me that they did away with it because it was a safety liability for them.

I worked in automotive electronics for a number of years. From a safety point of view, you are not trying to "protect the vehicle", you are trying to "protect the person". Usually the person will be the driver or occupant, but sometimes the person may be a pedestrian (think collisions and crumple zones), a bystander (avoiding fuel tank explosions) or even emergency crews (electric vehicles need to not expose high voltages which could kill rescuers).

Most safety problems do not have a universally good solution though. What you get is a trade-off, and you choose the least worst option. There exist formal methods such as FMEA or FTA which enable you to quantify this, so that if things go wrong then you can prove you've followed best practise.

The most common problem you have is the trade-off of fault-tolerance versus availability. If your first reaction to any problem is to stop the car and force the driver to call out a recovery truck, this may initially seem like a good idea and the safest solution. I worked on a hybrid electric vehicle for Ford, where the software did indeed take this approach when it found itself in an uncertain situation, because the result could have been uncommanded vehicle movement. With the legal situation in the US, this seemed like the best approach.

During development, we talked to engineers from Volvo and found that they had a completely different approach though. The Volvo safety case is that unless you can prove that it is categorically unsafe for the vehicle to continue moving, you must not stop the vehicle. You may reduce the speed that it runs at, or reduce the power available, but the vehicle must not stop. Why? Because if your car cuts out in a Scandanavian winter, you've got about 2 hours before you freeze to death. Volvo's safety case said that it was preferable to have some risk of low-speed, low-power collisions if the vehicle develops a fault, and to accept that this will happen more frequently with mostly-non-fatal consequences, compared to the less-frequent risk of the vehicle cutting out in definitely-fatal situations. In addition, the driver can still take some action to mitigate the fault by turning off the ignition, even if the car is no longer responding properly to electronic control of accelerator, brakes and gear selection.

A fuse in the starter circuit follows the same rationale. What's the worst-case scenario without a fuse? Answer: the wiring or battery overheats and you get a fire in the engine bay which spreads to the rest of the car. Usually the battery voltage will drop before things get too bad. The driver can mitigate that scenario by not cranking continuously for extended periods. They can also mitigate that fault because there is a fire-resistant bulkhead between the engine and the passenger compartment, giving them ample time to escape the vehicle. Even in the case that central locking fails locked and powered windows fail closed, an emergency escape hammer makes it trivial to break windows and escape. (You do have one, right? If not, buy one - they're cheap.) The situation has defence in depth.

What's the worst-case scenario with a fuse though? Well, you can't start the engine when you need to. In a car, that could leave you stranded - and we're into the "freezing to death in 2 hours" scenario. On a boat, you're utterly stuck.