Why is Rack Attack disabled by default?


I was browsing the docs and I stumbled across this post: https://docs.gitlab.com/ee/security/rack_attack.html

It got me wondering, why is it disabled by default? The only explanation given is “it is recommended to leave Rack Attack disabled.” Why? It seems like such an useful tool with a negligible footprint according to the README, what’s the point of disabling it?