Security - because private key is considered more secure when its corresponding public key has not been revealed.
Convenience - because 160 bit address is shorter than 256 bit address.
Mind that early output scripts were in fact public keys, not the hashes.
And the spend script would only contain the signature, not the public key.
Like this one: https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16
Later Satoshi changed it, so now output scripts carry the hash of the key while the spend (input) scripts carry the key.
Although, the protocol is backward compatible and the old method also works, had you wanted to use it.
Not sure about the miners willing to include such txs into blocks, though, as they'd probably be considered non-standard.