Why does OWASP recommend to never return JSON arrays not wrapped in objects?

Why does OWASP recommend to never return JSON arrays not wrapped in objects?

AJAX Security Cheat Sheet § Always return JSON with an Object on the outside says:

Always have the outside primitive be an object for JSON strings:

Exploitable:

[{"object": "inside an array"}]

Not exploitable:

{"object": "not inside an array"}

Also not exploitable:

{"result": [{"object": "inside an array"}]}

Sadly, they don't provide a rationale, at least not in the cheatsheet.

Why is that so?

As far as I'm aware, the possible attack here is Javascript array constructor poisoning, but that's been fixed for a long time already (in ES 5).

Am I missing something?