Doesn't feel like much of an explanation to me.
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
That comment was in Bullseye. In Trixie's /etc/login.defs the comment is gone.
With Trixie, PAM's "User Private Groups" are by default enabled and default umask thus is 002 instead of 022.
(Personally, I'm irritated by the rather silent way this invasive change got introduced -- it is mentioned in /usr/share/doc/libpam-modules/NEWS.Debian.gz together with instructions to restore the old behavior.)
Ah the classic "There is no One True Answer so it's ok to default to a bad answer".