You should start by reading the specification https://tools.ietf.org/html/rfc6749
In a nutshell - the implementation of the VKontakte OAuth API is not complete.
The specification states that a token is required to grant access to a protected resource. On Facebook, most of the information has controlled access, such as privacy or the number of requests over a period of time. Therefore, using a token allows this system to work. Facebook has a rather complicated access restriction system - there is a limit at the level of the token and the application itself.
Plus, Facebook takes privacy quite seriously, so it's impossible to work without a token.
The token is a prerequisite for interacting with the API via OAuth. This is part of the protocol.
Installing an application is a standard practice in the civilized world. This is what confirms that you take your customer data seriously.

token is part of the OAuth authorization method.
This is not related to the loyalty or disloyalty of certain services - it is related to what technology they have chosen to authorize and manage authorized users.

without a token - impersonal access to API methods
with a token - controlled access to API methods
Why with a token: to collect information for various internal needs of the service.

By tokens, the site providing the API collects metrics - which methods and how many times were requested.
Based on this information, the site balances the load, decides which methods need to be redone, which methods should be limited in calls/second or per hour.
Using the same information, you can remove certain limits for money, which allows you to personally monetize the API