Because if someone steals your certificates (especially the Android certificates) they can take over your app in the store and publish an app in your app's slot in the store that results in stealing information from you and your users. It was done to insure the security and integrity of your credentials and intellectual property, which is an especially sensitive issue when using cloud-based tools (such as the build system and the certificate management system).
Marcos, I'm with you on this one lol
I find it redundant to have to go through that every time. I understand the security reason behind, but let’s face it: what are the chances that someone steals your certificate and go through ALL the process of publishing an app in your place. If someone already has access to the certificate, like an employee, they already know the password lol