Because many sites check the domain part of your email address against a blocklist, which contains entries like trashmail.com to prevent users from signing up with ad-hoc throwaway accounts. They don't want that, because they'd like to get a proper lead they can either track, sell, or reach out to.

Now Hide My Email allowed you to do just that: Create an account with an email that wasn't tied to your identity, and that you could just decommission if you didn't need it anymore. Sites had no way to detect these either, because all of the randomly generated addresses Apple provided you with just ended in @icloud.com, which is also used by tons of regular accounts - so if you blocked this domain, you'd invariably preclude millions of people from your service.

But by separating the domains, sites can simply add private.icloud.com to their trash mail blocklist, preventing the use of Hide My Email, while regular @iCloud.com addresses will continue to work. It makes the entire service useless at once.

Right now it’s the same @icloud.com domain as normal personal emails. Now all auto-generated emails will use a separate domain name, so sites can block emails with that domain, without worrying about blocking people’s main personal email.

Websites block certain throwaway email domains from signups. The concern is that this will happen with private.icloud.com

A good example of a throwaway email that is now useless because of these blocks is mailinator.com. Originally, you could just make up a random email on the spot like [email protected], visit mailinator.com, and get the needed signup verification email. These services autodeleted messages and required no signup so they were a black hole for spam. However websites eventually got wise that their spam wasn’t being seen and started blocking the domain. Mailinator came up with alternative domains and there was a brief back and forth before the throwaway email domains all ended up being blocked.