TLDR Answer: because get parameters are stored in plain text in server log file.

Although your server-client connection is secured in favor of SSL layer, no man-in-middle can read what the client sends to the server, your exposed secret information (password, API key, ...) via GET parameters, they all will be be stored in server log file.