There’s no good reason to keep sending the user’s plaintext password with literally every request. The benefit of HTTP auth is that you can use non-plaintext methods like challenge-response, but we ditched those with the move to TLS. As such there’s literally no benefit to HTTP auth nowadays, other than being unable to save passwords/integrate with password managers. If you can call that a benefit.
and if you’re wondering why I haven’t joined the group (the one on w3.org), blame this.