Usually it's because users will login or miss click on it. This will give their email address and personal information so that they can be sold or spammed. On another note, it boosts new accounts/sign-in metrics.

It does suck for the user.