To prevent malicious unsubscriptions. Imagine I'm feeling mean, so I go to some services you use and unsubscribe you -- no login required.

This is prevented if unsubscribe links in the emails sent out have tokens specific to the user which are validated in lieu of a login. But that's fancy technology that most senders don't have.