It's because people have gotten so used to giving away their email credentials to sites when they sign up so that they can have all their contacts imported.
Google, Facebook, et al., could help improve security against this type of thing by creating a way for people to expose a contact list without giving away their password.
Every Digg application that asks users for their credentials is conditioning users to fall for phishing.
There are enough people that don't realize the underlying architecture of the web and think that their browser is to be trusted, not a particular server (if you think I'm kidding, ask your parents!).