The tar.gz files available for download are what is known as "tar bombs" - they appear to be harmless tar balls, but instead cause destruction when extracted.
The convention (since at least 1984) is that foo-x.y.tar.gz extracts as foo-x.y/ .
For example, extracting php-5.3.10.tar.gz from php.net will result in a directory named php-5.3.10/ ,
httpd-2.0.64.tar.gz from apache.org will extract as httpd-2.0.64/ , etc.
The version number is kind of important for development, but much more so when downloading the current copy to compare to your existing installation. Downloading moodle-latest-23.tgz to compare pull certain files or compare doesn't extract as per the convention, but rather overwrites the running installation, destroying the running system. It should NOT extract as moodle/, but as moodle-2.3.1/ or moodle-latest/, based on the name of the tar.gz file.
One could make reasonable arguments that overwriting moodle/ is a good idea, but to do so one would have to time travel back to the early 1980s, when the question was settled. The convention is quite well established and absolutely expected by any sysadmin for the last few decades.