Mostly because it's very quick to compute millions of hashes, meaning that it lessens the time required to crack a bunch of passwords - of course, this might seem like the last of your problems if your system has been attacked, but most of your users probably have the same password for every site they use, including Paypal, etc.

Something which can be scaled to take a lot longer to hash can make it expensive and practically unfeasible for someone to crack more than the simplest passwords.