BIP 70 was designed to solve a user experience issue with addresses. Addresses are long and somewhat difficult to verify, can be silently replaced with a man in the middle attack, do not provide feedback to the user that the merchant received the transaction, and do not provide a refund path. The payment protocol was proposed in order to provide these things.
However implementing the payment protocol requires having additional dependencies and opens up a few new attack vectors. It also did not seem to be widely used, and it was really only usable for payments to merchants.
The payment protocol used the Protocol Buffers (protobuf) binary format. This this requires having protobuf as a dependency. However it was also the only feature that depended on protobuf.
The payment protocol also required a way to verify x.509 certificates. This requires having and trusting some root certificates. The most popular way to verify certificates is with the openssl library. By 2019, openssl was not being used for anything else in Bitcoin Core either.
The problem with these 2 dependencies is that they're big, require additional maintenance burden, and increase the attack surface. Openssl is infamous for some pretty major bugs. Similar such bugs could reveal private keys or potentially cause consensus issues. It's also a pretty big library with a ton of things that aren't being used. Protobuf has similar issues conceptually, although not nearly as big as openssl.
The payment protocol also requires downloading data from a third party, and it could be malicious. If the data exploited some issue in openssl or protobuf, users funds could be at risk.
These risks, along with having to maintain the code and the dependencies were deemed to be to great for a feature that was likely not used too much, so the decision was made to remove it.
