Why do browsers expose installed fonts?

Browsers don't directly make a listing of the installed fonts available. Instead they provide information about the size of a specific object, like a textbox. Since the same text rendered with different fonts produces slightly different object sizes, this can be used to infer which font was used to render a specific text, and thus to check whether a specific font was used to render the text (and is thus installed on the system) or not.

For more information see "Font Fingerprinting" at browserleaks.com or the paper "Fingerprinting web users through font metrics".

For ultra-precise screen layouts like games, a developer often needs to know the size something renders at. While a dev can instruct the browser to draw at, say, 10px, OS font size settings, zoom, font variations, and more can affect the actual rendered height. By reading back the output size, small font size adjustments can be made until it's "just right". This mechanism applies to all boxes on the page, not just fonts, but boxes typically "stretch" to fit the text contents, and uniting the two can reveal whether rendering in a certain font leaves the box with different dimensions than before the new font was applied.

The textbook example is re-sizing an iframe to fit an error message page on another co-operative domain.

It's probably safe to start blocking fonts now because custom fonts can be delivered via the web with the page itself, rather than relying on the OS's built-ins. Those can be discovered as well, but since the page brought them, there's no value to discovery. Note that "discovered" is the right word; there's no way to iterate any font lists, native or web-based, so guess-and-check is the only way.
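To make the guess-and-check mechanism described in both answers concrete, here is an added example (not code from either answer or from browserleaks) of the inference step: a candidate font is judged installed when text styled with "candidate, fallback" measures differently from the fallback alone. The DOM measurement is isolated in `measureWidth`; `detectInstalledFonts` takes any measuring function, and `fakeMeasure` with its constructed `FAKE_METRICS` table stands in for a browser so the logic can run without a DOM.

```javascript
// Wide and narrow glyphs mixed so that font differences show up in the box size.
const TEST_STRING = "mmmmmmmmmmlli";
const FALLBACKS = ["monospace", "sans-serif", "serif"];

// Browser-only: render the test string off-screen and read back its box size.
function measureWidth(fontFamily) {
  const span = document.createElement("span");
  span.style.cssText = "position:absolute;left:-9999px;font-size:72px;white-space:nowrap";
  span.style.fontFamily = fontFamily;
  span.textContent = TEST_STRING;
  document.body.appendChild(span);
  const size = { width: span.offsetWidth, height: span.offsetHeight };
  span.remove();
  return size;
}

// Pure inference. `measure(fontFamily)` must return {width, height}.
// A candidate counts as installed if, for any fallback, putting it in front of
// that fallback changes the rendered size. Caveat: a candidate whose metrics
// happen to equal every fallback's is missed (false negative); this is the
// limitation that makes the check a guess rather than a font list.
function detectInstalledFonts(candidates, measure) {
  const baseline = Object.fromEntries(FALLBACKS.map(fb => [fb, measure(fb)]));
  const installed = [];
  for (const font of candidates) {
    const differs = FALLBACKS.some(fb => {
      const m = measure(`'${font}', ${fb}`);
      return m.width !== baseline[fb].width || m.height !== baseline[fb].height;
    });
    if (differs) installed.push(font);
  }
  return installed;
}

// Constructed stand-in for a browser: made-up metrics, chosen to illustrate
// one font differing in width, one only in height, and one not installed.
const FAKE_METRICS = {
  "monospace":   { width: 563, height: 84 },
  "sans-serif":  { width: 930, height: 83 },
  "serif":       { width: 915, height: 82 },
  "Arial":       { width: 935, height: 83 }, // differs from every fallback
  "Courier New": { width: 563, height: 81 }, // same width as monospace, other height
};
function fakeMeasure(fontFamily) {
  const [first, fallback] = fontFamily.split(",").map(s => s.trim().replace(/^'|'$/g, ""));
  // An unknown first font falls through to the fallback, exactly as a browser would.
  return FAKE_METRICS[first] || FAKE_METRICS[fallback];
}
```

In a real page, replace `fakeMeasure` with `measureWidth`; a privacy tool that wants to blunt the technique has to make the measured sizes stop depending on which font actually rendered, which is what font-list blocking or metric rounding aims at.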