Introduction to Access-Lists on Cisco IOS Router

Hello David

This is an excellent question! The reasoning behind this behavior has to do with how a router sees transient traffic and locally generated traffic. The distinction between these two types of traffic aligns almost completely with the distinction between data plane and control plane traffic.

From a router’s perspective, locally generated traffic is virtually always control plane traffic, while the transient traffic it serves can only be considered data plane traffic. By design, ACLs applied on interfaces act only on transient (i.e. data plane) traffic. Locally generated (i.e. control plane) traffic is not acted upon, because otherwise every time you created an ACL you would need to provision for exceptions in the ACL for OSPF, EIGRP, and BGP message exchanges, as well as other protocols, including SNMP, Syslog, NTP, TFTP, DNS, HSRP, DHCP relay, and many others.

So you see, it would be a nightmare to ensure that all of these control plane protocols would not be blocked if outbound ACLs also blocked locally generated traffic. As you can see, by design, it is also a convenience.

If you do want to filter locally generated traffic, you can use Control Plane Policing (CoPP).

I hope this has been helpful!

Laz
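As an added illustration of the behaviour Laz describes (this is not part of his reply or of any NetworkLessons lesson), here is a minimal Cisco IOS lab: an outbound ACL on R1's WAN interface that denies ICMP, followed by two checks. The hostnames, addresses, ACL and policy names, and the show/ping output shown after the `!` comments are all assumed and constructed for the example, not captured from a real device.

```cisco
! --- R1: outbound ACL on the WAN link that denies every ICMP packet ---
ip access-list extended DENY-ICMP-OUT
 deny   icmp any any
 permit ip any any
!
interface GigabitEthernet0/0
 description LAN (host 192.168.1.10 lives here)
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description WAN link to R2 (10.0.0.2)
 ip address 10.0.0.1 255.255.255.252
 ip access-group DENY-ICMP-OUT out
!
! Check 1 (constructed output): a ping R1 originates itself is locally
! generated traffic, so it leaves Gi0/1 without ever being compared
! against DENY-ICMP-OUT and succeeds:
!
!   R1# ping 10.0.0.2
!   Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!   !!!!!
!   Success rate is 100 percent (5/5)
!
! Check 2 (constructed output): the same ping sent from the host
! 192.168.1.10 behind Gi0/0 is transit (data plane) traffic, is dropped
! by the outbound ACL, and the deny entry's match counter increments,
! while Check 1 left the counter untouched:
!
!   R1# show ip access-lists DENY-ICMP-OUT
!   Extended IP access list DENY-ICMP-OUT
!       10 deny icmp any any (5 matches)
!       20 permit ip any any
!
! --- CoPP, the tool Laz points to for traffic the interface ACL does not
! see: the policy is attached under control-plane, not to an interface ---
ip access-list extended COPP-ICMP
 permit icmp any any
!
class-map match-all COPP-ICMP-CLASS
 match access-group name COPP-ICMP
!
policy-map COPP
 class COPP-ICMP-CLASS
  police 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP
```

The `service-policy input COPP` line is the form that is accepted on practically every IOS platform; whether an `output` policy is accepted under `control-plane` depends on the platform and IOS release, so check the documentation for the device before relying on it. When verifying, compare the ACL counters before and after each ping with `show ip access-lists`, and use `clear ip access-list counters` between runs so the two checks do not blur into one another.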