because there's still a huge argument about what features from the host system that the web browser should be able to deal with. Lots of people think that webusb, webserial, webbluetooth and similiar things are a security and/or privacy nightmare.
And while some argue that it's enough to put these features behind permission dialogs, browsers already have enough of those that many users will blaze through and approve anything that pops up in order to silence the noisy browser and make the page work as expected, which naturally has major implications.
That's not to say that WebUSB, WebBluetooth, etc shouldn't exist, but clearly putting everything behind dialogs doesn't scale and something better needs to be figured out.
A lot of hardware devices pretty much implicitly trust the device on the other side of the data connection, because historically anyone able to run software on a machine also has physical access to the device. This resulted in devices accepting firmware updates over Bluetooth, for example, because how else would you update the firmware?
And now with protocols like Web Bluetooth, the only thing standing between between the average user and a random website completely owning their physical hardware devices is a single "I agree" permission popup.