Because in strong cryptography the algorithm should never be considered a secret. The secret is the secret and it doesn't matter if the attacker knows everything else. One should assume the attacker already knows everything but the secret.
A smart hacker can easily determine the algorithm anyways. Simply locate a known account from the password dump. You have the plaintext & the hash. Determining the algorithm is trivial.
For example, our site uses bcrypt (workload 10) with a random 128 bit per record salt.
Here is an example password hash (bcrypt includes salt and algorithm version in the hash output)
$2a$10$X2/v9/FO2.0DIE0dVkT6x.LvyrWPZv/.Tpf/O8Q67ufthCNdYx7LO
You have the algorithm and the salt; everything you need to crack the password.
Still you will NEVER (not today, not before the sun burns out) brute force that password. Hell if you do I'll pay you $1,000.
