Renew certificate using HTTPS (port 443) or alternative port (e.g. 8000)

Some large existing shared hosting environments have circumstances where using HTTPS for verifications will allow one customer to satisfy a Let's Encrypt challenge for another customer's domain name. This was conjectured to be true both for the obsolete HTTPS-01 method (which required placing a test file) and for the obsolescent TLS-SNI-01 method (which required placing a test certificate). The problem in each case is entirely about the behavior of shared hosting providers and the possibility that a validation can be completed inappropriately by someone who does not in fact control the domain name. These problems are not known to exist with the HTTP-01 method (specifically running on port 80) or with the new TLS-ALPN-01 method (on port 443).

This isn't relevant to people who aren't in shared hosting, but there's no way for the CA to distinguish who is or isn't affected by this condition, so the historical methods for validation on port 443 were removed or not placed in service in the first place.

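To make the routing argument in the reply above concrete, here is an added Python model (not code from the Let's Encrypt project, Boulder, or the poster). It assumes a shared host that picks a customer's vhost by the name the client asks for (the HTTP `Host` header on port 80, the TLS SNI on port 443) and falls back to a default vhost for names no customer has claimed. The challenge-format helpers follow RFC 8555 (key authorization, RFC 7638 thumbprint), RFC 8737 (TLS-ALPN-01) and the withdrawn tls-sni-01 draft; the customer names, account key, token and hosting behaviour are constructed for the example.

```python
"""Constructed model of ACME challenge routing on a shared host (added example)."""
import hashlib
import json
from base64 import urlsafe_b64encode

ACME_TLS_ALPN = "acme-tls/1"  # ALPN protocol name from RFC 8737

# Constructed EC account key for the attacker's own ACME account (not a real key).
MALLORY_JWK = {"kty": "EC", "crv": "P-256", "x": "AAAAexample-x", "y": "AAAAexample-y"}


def b64url(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, lexicographically ordered, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def tls_sni_01_name(keyauth: str) -> str:
    """tls-sni-01 draft: SNI is <Z[0:32]>.<Z[32:64]>.acme.invalid, Z = hex SHA-256 of the key authorization."""
    z = hashlib.sha256(keyauth.encode()).hexdigest()
    return f"{z[:32]}.{z[32:]}.acme.invalid"


def tls_alpn_01_digest(keyauth: str) -> bytes:
    """RFC 8737: acmeIdentifier extension carries SHA-256 of the key authorization."""
    return hashlib.sha256(keyauth.encode()).digest()


class SharedHost:
    """Assumed hosting behaviour: route by requested name, unknown names go to a default vhost."""

    def __init__(self, default_customer: str):
        self.owner = {}            # hostname -> customer who legitimately configured it
        self.default = default_customer
        self.http_files = {}       # (customer, path) -> response body
        self.certs = {}            # customer -> list of {"sans": [...], "alpn": str|None, "acme_ext": bytes}

    def route(self, name: str) -> str:
        return self.owner.get(name, self.default)

    def http_get(self, host_header: str, path: str):
        """Port 80: vhost chosen by Host header."""
        return self.http_files.get((self.route(host_header), path))

    def tls_handshake(self, sni: str, alpn=None):
        """Port 443: vhost chosen by SNI; returns the cert that vhost would present, or None."""
        for cert in self.certs.get(self.route(sni), []):
            if sni in cert["sans"] and cert.get("alpn") == alpn:
                return cert
        return None


def validate_http_01(host: SharedHost, domain: str, token: str, jwk: dict) -> bool:
    body = host.http_get(domain, f"/.well-known/acme-challenge/{token}")
    return body == key_authorization(token, jwk)


def validate_tls_sni_01(host: SharedHost, domain: str, token: str, jwk: dict) -> bool:
    # Note: the real domain never appears on the wire; only the made-up .acme.invalid name does.
    name = tls_sni_01_name(key_authorization(token, jwk))
    cert = host.tls_handshake(name)
    return cert is not None and name in cert["sans"]


def validate_tls_alpn_01(host: SharedHost, domain: str, token: str, jwk: dict) -> bool:
    cert = host.tls_handshake(domain, alpn=ACME_TLS_ALPN)
    expected = tls_alpn_01_digest(key_authorization(token, jwk))
    return cert is not None and domain in cert["sans"] and cert.get("acme_ext") == expected


def run_scenario() -> dict:
    """Constructed scenario: 'mallory' is the default vhost, 'victim' owns victim.example.

    Mallory asks the CA (with her own account key) for an authorization on victim.example and
    places every artefact a real attacker could place inside her own vhost.
    """
    host = SharedHost(default_customer="mallory")
    host.owner["victim.example"] = "victim"
    token = "tok-abc123"  # constructed challenge token issued to Mallory's account
    keyauth = key_authorization(token, MALLORY_JWK)
    host.http_files[("mallory", f"/.well-known/acme-challenge/{token}")] = keyauth
    host.certs["mallory"] = [
        {"sans": [tls_sni_01_name(keyauth)], "alpn": None},
        {"sans": ["victim.example"], "alpn": ACME_TLS_ALPN, "acme_ext": tls_alpn_01_digest(keyauth)},
    ]
    return {
        "http-01": validate_http_01(host, "victim.example", token, MALLORY_JWK),
        "tls-sni-01": validate_tls_sni_01(host, "victim.example", token, MALLORY_JWK),
        "tls-alpn-01": validate_tls_alpn_01(host, "victim.example", token, MALLORY_JWK),
    }


if __name__ == "__main__":
    print(run_scenario())  # only tls-sni-01 validates for a domain Mallory does not own
```

The model shows why the port matters less than what the validator asks for: HTTP-01 and TLS-ALPN-01 name the real domain in the request, so the host's routing lands on the customer who actually configured that domain, while tls-sni-01 asks for an `.acme.invalid` name nobody owns and lets the default vhost answer. In the model Mallory's `acme-tls/1` certificate for `victim.example` is never presented because the SNI routes to the victim's vhost; whether a real provider would even accept such an upload is outside what the post discusses.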