In Facebook's case, this is to protect the user from potentially giving away information about themselves in their Referer header and from potentially malicious links that we didn't have enough information on at display (or email) time, but which we now have enough information to know it is malicious.

This is explained in more detail at https://www.facebook.com/notes/facebook-security/link-shim-p...