There are a few reasons I can think of that Google may have chosen to use 5228 instead of 80 or 443.
Firstly, in most (but definitely not all) cases, 5228 should not be a problem (i.e. blocked) because push notifications are largely used when devices are on the go. This means they are using cell phone data connections that do not block this port and are not firewalled.
Secondly, in the case of environments where there might be a firewall (i.e. with WiFi inside a corporation), it is also likely that http traffic is proxied or controlled in some fashion. C2DM does not rely on a standard HTTP protocol and is expected to be a long-lived connection. This means that running it on 80/443 might cause issues in these environments.
Thirdly, these services likely were using 5228 prior to the release of C2DM and there was no clear reason to change it.
Based on my experience, I think it would have been ideal if they used 5228 as a default, and attempted to fall-back to 443 in other cases (as there are definitely many scenarios where 443 would work when 5228 wouldn't). At least in the case of 443, modification of data is less-likely than if on port 80 because the protocol would normally be encrypted. However, it is still possible the connection would be prematurely terminated on 443. However, this risk exists in any network environment, and there would be no downfall in trying.
And on separate note, it is likely that enabling C2DM on 443 would have been more difficult than it seems for Google because their distributed front-end servers likely know how to specifically handle 80/443 traffic as HTTP and would require significant re-working to handle C2DM.