There’s no good reason to keep sending the user’s plaintext password with literally every request. The benefit of HTTP auth is that you can use non-plaintext methods like challenge-response, but we ditched those with the move to TLS. As such there’s literally no benefit to HTTP auth nowadays, other than being unable to save passwords/integrate with password managers. If you can call that a benefit.
and if you’re wondering why I haven’t joined the group (the one on w3.org), blame this.
@SoniEx2 There’s other authentication methods that allows the client to send a value computed from a limited-duration access token and a nonce. You can’t do anything like that with cookies.