.doc files can contain executable scripts, and there is no way to make sure they are safe. The same applies to SVG and some other file types.
If WordPress would accept .doc files from any user with the capability upload_files, these files could be used to send malicious code to visitors.