Although scientists and engineers often write large amounts of code, they typically don’t program for the web. Why?
The answer is that web applications are a different thing. They require deeper understanding of computer networks. They involve many technologies: HTTP, HTTPS, HTML, CSS, JavaScript, Web APIs, and more. They require understanding some security issues like CSRF and XSS. None of these is rocket science (unless you are a rocket scientist), but, in contrast to web developers, scientists and engineers usually don’t like dealing with these things, or they don’t have time for them.
It’s not unusual for desktop applications to continue working for many years after they are unsupported and abandoned. For web applications, this doesn’t hold, partly because they are vulnerable to various kinds of attacks.
This inherent vulnerability requires having security policies. There’s also the issue of adhering with privacy laws. It’s much easier to get away with such paperwork when you make an application that runs locally on the user’s computer.