That would give us access to the users account at any time. It seems requiring their password be sent with every request is more secure (over https, of course)
The thing that you are failing to realize is that it's easier to lock down access using a public key than a password. You can specify the amount of access an incoming ssh connection has based on the public key. You can't do that w/ a password.
I could have multiple keys, all w/ different access levels, all on the same user account. There is no way to do this with a password, other than to just have separate user accounts.
