On passwords: who thought that in-app login popups are a good idea, especially when you cannot even see/validate the HTTPS URL?

I talk about those "login to google" window inside apps. You just enter your credentials in a box that looks like google but you can't validate.

How are those still a thing?