"Just to be clear":

It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.

There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.