The hourly rate is to make an apples-to-apples comparison to someone whose full-time job is to do that kind of security work, either salaried or contracted.
Would it make sense to award bonuses to every in-house security researcher based on an estimated, hypothetical worst-case cost? It doesn't take much imagination to see how that reasoning applies to other positions. Do accountants get big bonuses for avoiding multi-million-dollar errors? Lawyers for avoiding costly lawsuits? Operations (IT and otherwise) for keeping infrastructure running? Customer service for assuaging disastrous public interactions? Stretched to absurdity, would you pay for a taxi based on how badly you need to get to point B?
I believe saying "preventing these kinds of problems (doing this work) is what we pay you for" is a reasonable conclusion and paying a market rate for that general value makes more sense versus calculating a kind of commission per individual contribution. That does have a certain appeal (and I wouldn't mind seeing a discussion about it) but I haven't gotten the impression that's the perspective of those who think all* bug bounties should be higher.
*: Added caveat as I'd bet every researcher can name companies that pay poorly
