Being able to handle it, and being able to handle it efficiently enough are two very distinct things. The hash method might be able to handle long strings, but it might take several seconds/minutes to process them, slowing down the application significantly. Imagine a malicious user being able to set a password with millions (or billions!) of characters.
Therefore, restricting it to a small, but still sufficiently big, number of characters might help prevent DoS-attacks without any notable reduction in security for regular users.
ITT: People misinterpreting the idea as “facts that your school taught wrong”, when it’s really saying, “things that have changed since you went to school” (either through a change in definition or by new research).
E.g. If you went to school before the early 2000’s, you were taught that Pluto is a planet, while that is no longer true since it was recategorized in 2006.