That is to protect them from the SEC and really has nothing to do with US citizens having the right to acquire the tokens by unofficial means. If someone other than the development team will sell you the token, then it doesn't matter. If you are sneaky enough to use VPNs and get around it, then the EOS team at least didn't authorize you.
IP filtering or just asking them if they are a US citizen is a way to protect the issuer from SEC regulation.
Thanks for the explanation!