Expanding the role of the User Profile by allowing directly access to the profile fields in expressions would be a great improvement. I have already been considering this idea and hope to implement this in the near future.
At the same time the existing security is not quite as limited as you indicate. Specifically, you can already use sub-queries in the security expressions to check profile attributes or group membership. For example:
To check the attribute [IsAdmin] on the table [UserProfile]:
(select u.IsAdmin from UserProfile u where u.UserName=%UserName%) = 'Y'
Check if a user is a member of the 'HR' group as found in the table [UserGroups]:
(select count(1) from UserGroups where UserName=%UserName% and GroupName='HR') > 0
For more details see: User-Level-Security.
You are correct that existing button / field visibility expressions would definately benefit from direct access to profile values.
NOTE: Please vote on, or fund, this Feature Request if you would like direct access to Profile fields in expressions.