> How is sending a header with the information bad, specially when it was being done for ages already in this use case?

leeches

(To actually answer your question, there are a number of tricks you can use to prevent abuse that aren't effective when using http basic)