Because you were introducing exploits in your "SSO flow" in 2005. You can't have your cake and eat it too. If you want organizations (that spend billions on, and make this software free of cost) to care about security, there will usually be a slight inconvenience penalty you have to pay to comply with better patterns.
