Sending credentials are stored on your device while receiving credentials are stored on the server. We don't want to store permissions to spend your funds on the server.1
The reason why it can't be the same is because if it's the same, something is clearly wrong: receive should only be able to receive so if it's the same, either your spend can't actually spend or you're giving us spend permissions when we expect receive only.
Footnotes
unless it's encrypted with a secret that only you know, coming soon ↩
Footnotes