because an SPV client does not have the whole blockchain. so they can not do the verification on themselves.
They use the merkle root to verify if the transaction does exist in the blockchain provided. They however, do still trust the nodes to provide them with blocks that follows the protocol rules. They simply assume the longest chain with the highest difficulty being valid. In a sense, they are also more susceptible to sybil attack.
The bandwidth and the synchronization time is way too much for most users, including me. Using a SPV client is more or less still secure if you're an average user. If you would like to have lesser trust in the servers, you can run a node and connect your SPV client to it. You are effectively trusting yourself in this situation.