It's due to fraud risk. If googles threshold billing is X, then their risk of revenue loss is X*(N+1) where N is the number of virtual card numbers that have been created for a single physical card. The +1 is for the physical card.

Visa/Mastercard likely don't supply a way to link a physical card to it's virtual card generations (that'd be a security risk), so Google doesn't know that virtual card A is associated with physical card B.

But if somebody steals your login, they can create multiple virtual numbers and spend a lot. And since these are virtual number, MC or Visa will not have tools to find problem or block it.

Can somebody which knowledge of this explain problems with "privacy" cards and why scammers love them?

Mastercard and Visa aren't the ones at risk by such activity, the issuing banks are, and as someone who works for a bank, yes, banks have tools to detect and stop account takeovers and assist card members in recovering from such incidents.

Scammers don't care about privacy cards. They'll use anything they can get their hands on, metaphorical or otherwise. If it doesn't have their details attached, it's fair game to them.