Hacker News

How is this exploit not possible by just telling someone to paste javascript:alert(document.cookie) etc into their address bar?


Because pasting doesn't work. Most browsers (like Chrome, IE) just remove the javascript: prefix from your pasted text, and some browsers (like Firefox) don't allow you to execute standard javascript from the address bar.


I agree. Chrome doesn't allow you to paste it; you have to type it. I believe they'll disable it soon too.


See the link in the accepted answer. If you try to paste in "javascript: blahblahblah", Chrome is smart enough to remove the "javascript: " part. What the attackers do instead is to tell the victim to type "j", then ctrl+v the rest "avascript: blahblahblah". Just tried it in Chrome, it goes through.


Clever.


Have you tried doing that recently? Doesn't work on Firefox and Chrome, not for some time.


That is the original exploit mentioned in the accepted answer; however, Firefox and IE have disabled execution of javascript from the address bar, and I assume that Chrome is also moving to do the same thing.


And after that, hackers will start telling people to open their Console in Developer Tools and paste the code there. I believe many people will do it.


...which is exactly what this post is about..? That's the reason Facebook disables the DevTools console apparently.


But you rapidly reach a point beyond which most users can get to. Three steps: (1) open console, (2) copy, (3) paste is about the limit on what an average computer user can do these days.



