If someone or something malicious gets a shell account on my systems, then it at least stops them doing anything system-wide. And yes, if a script is going to request admin rights to do something, it'll stop right at the sudo
prompt. Passwordless, it could do stuff without you even being aware of it.
Whether or not this is a line of defence at all is open to debate.
Can recommend my APC SMT1500I. Original batteries lasted 9.5 years. Accidentally plugged a fan heater into it once and it survived. Most reliable device in my rack.