in reply to Re^6: LTR character in links @pmdev
in thread LTR character in links

For profile pages (but not for SoPW pages), instances of script are replaced with s‎crip‎t.

This is presumably a security measure.

Exactly right. From the very beginning, the user display page contained code to neutralize embedded javascript code. Originally, it attempted to "quote" any occurrence of a <script element in the user node content. But in December 2004, it was changed to the current technique, which blindly mangles any occurrence of script.

I can't imagine why this measure would be needed for profile pages if it isn't needed for SoPW pages.

I'm not sure but I believe this is because user pages are — or were — granted somewhat more freedom in terms of what HTML elements are allowed. iinm, regular writeup nodes are already strict enough that additional filtering for <script> is unnecessary.

Today's latest and greatest software contains tomorrow's zero day exploits.
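
An added illustration, not PerlMonks' actual code and not part of the post above: this Perl sketch assumes the blind filter inserts U+200E after the "s" and before the "t" of every "script", then shows the side effect on links and a check that finds the affected ones. The function names and the sample profile content are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
binmode STDOUT, ':encoding(UTF-8)';

my $LRM = "\x{200E}";    # LEFT-TO-RIGHT MARK, invisible when rendered

# Assumed form of the "blind" filter: every occurrence of "script", in any
# case and any context, gets an LRM after its first and before its last letter.
sub mangle_script {
    my ($html) = @_;
    $html =~ s/(s)(crip)(t)/$1$LRM$2$LRM$3/gi;
    return $html;
}

# Defender-side check: list href/src values that carry an invisible LRM,
# i.e. links that no longer point where the author typed them.
sub links_with_lrm {
    my ($html) = @_;
    my @hits;
    while ($html =~ /\b(?:href|src)\s*=\s*(["'])(.*?)\1/gis) {
        my $url = $2;
        push @hits, $url if index($url, $LRM) >= 0;
    }
    return @hits;
}

# Make the invisible character visible for logs and diffs.
sub show_lrm {
    my ($s) = @_;
    $s =~ s/\x{200E}/<U+200E>/g;
    return $s;
}

# Constructed sample profile content (not taken from any real user node).
my $profile = join "\n",
    '<script>/* embedded code */</script>',
    '<a href="https://example.org/perl-scripts/">My scripts</a>',
    '<a href="https://example.org/about">About</a>',
    '<p>A short description of me.</p>';

my $out = mangle_script($profile);
print show_lrm($out), "\n\n";

print "Links altered by the filter:\n";
print "  ", show_lrm($_), "\n" for links_with_lrm($out);
```

The script element is no longer parsed as one, but the same substitution also rewrites the URL containing "scripts" and the word "description", which is the link breakage this thread is about.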

Re^8: LTR character in links @pmdev
by ikegami (Patriarch) on Jun 21, 2023 at 19:46 UTC

    granted somewhat more freedom in terms of what HTML elements are allowed

    Makes sense, thanks.