A wild guess? Maybe enhanced DRM so the audio path can't be MITM'd, and the digital audio data captured?

Not that it's an acceptable reason, but could they be paying some kind of ongoing license for a codec or some other licensed software on the thing?

DevOps, monitoring, support costs, ongoing security burden. You can’t just ship a device specific API anymore and call it done. Those services will have at least monthly security updates, plus all the shimming and API back-compact work that has to be done as the backend Spotify services change.

I understand, at the same time the api shouldn't be too different to what is used by other devices (otherwise they would be just shooting themselves in the foot)