From a security standpoint this helps with the issue of leaked tokens. Over the last few years I’ve seen dozens of tokens leaked, either maliciously or by mistake (paste the wrong token on forums, or forgetting to remove it from github (and then forgetting github has a history)) and then never revoking the tokens. Of those, I know at least 20+ that are still valid and have the chat login scope (some are scoped for everything!), so I, or anyone else, could log into chat as them right now.
By requiring refreshing of tokens, it will dramatically cut that vector of attack. It wont stop all types of attack, such as phishing where the malicious entity poses as Moobot/Nightbot and can just refresh the tokens themselves, but for leaked tokens this’ll put at stop to that (at least it will when older generated tokens are forced to expire at some point in the future).