Growing up in Northern Canada I heard “Don’t forget to close the door on your way out!” many times a day for about 9 months of the year. Leaving a door open on your home wastes energy - leaving a door open in your computing environment can lead to downright mayhem. Many windows remote orchestration tools (e.g. Packer) instruct you to open up winrm permissions in a way that is not safe for (nor intended for) use in production. (e.g. https://www.packer.io/docs/builders/ncloud.html#requirements-for-creating-windows-images)
Generally there is no guidance on how to re-secure it nor even a reminder to do so. The assumption most likely being that you would handle proper winrm re-configuration as a part of provisioning a machine from the template image your making. However, in many organizations, system image preparation may be the only use of WinRM - so it is forgotten. Or maybe whatever is used to re-configure WinRM on first boot does not actively reset one or more of the permissive settings used during machine provisioning.