Because you can't know what's happening in the background. A wallet provider can send your private keys/or any other personal information to their servers and you won't know about it.