There are a few reasons why you should explicitly specify which fields from a table should be returned:
Waste of resources
When you are making a query in a database and the table is quite big, you are using quite a lot of computing power to process your request and pass it on to your application which, cost you, or your company, lots of money.
Sensitive data
Another reason why returning everything from a table is a bad idea is that some values in a database might be sensitive and that could be passwords, bank details and so on. You want to make sure that you do not allow the consumer of your Endpoints to access those value.