Were there any Microsoft XP security issues caused by "Easter eggs" prior to that policy change? Or was this just put in place as a policy because it was easy to put in place?

Wasn't it also something to do with supplying government contracts, which require all behavior to be documented?

Microsoft best ever easter eggs was C:\CON\CON

came here to say that, too.

imagine your easter egg introduced a vulnerability. a blanket policy like that is literally the first document leadership signs and sends out.