Here is AT&T's reasoning in full as to why they don't allow apps to be installed from sources outside the Android Market:
Android Market, managed by Google, is open to all developers. There is no approval process for applications, they are all accepted by default and Google has stated that they place apps in the Android Market within 24 hours of their submission. AT&T selected Android Market as the exclusive source for applications because it forces developers to be accountable for the apps they submit. If the Android community has issues with an app, the app can be flagged and removed. This minimizes the risk of malicious apps harming customers and provides more protection to the customer’s private data stored on the phone.
Phandroid notes that "the strategy makes sense: if your app is malicious, the Android community will call foul and flag the app, and Google can handle all of the dirty work (including taking the app off of the market and remotely wiping it from people’s phones)."
Myself and AndroidGuys are in agreement that their reasoning is decent, but that it doesn't completely sit well with us, as other Android users don't have to deal with it.
Slightly off-topic is that AT&T also mentioned in their FAQ that the Motorola Backflip is upgradeable to Android 2.0. As for whether they would actually release Android 2.0 onto the device when Android 2.1 and 2.2 are the new norm, who knows? I'm sure, however, that there are plenty of people who would argue that if there was one provider in the US that would do that, it would be AT&T.
Image from AndroidGuys