if you do a quick whois, you'll see the domain is registered through enom.
if you look up dnssec+enom, enom doesn't support dnssec administering by automated means. it must be manually handled via support tickets.
for a lot of companies and people, that is a dealbreaker. if you need to adjust dns infrastructure to deal with an outage, migration or other concern, you become blocked by a bottleneck in not being able to fully administer the dns records yourself and have a guaranteed downtime.
the ISRG staff may have other reasons, but that is the most common one I know of. migrating registrars and dns systems is also often a pain in a corporate setting for many reasons.