I couldn't find a justification for the level of exposure, the annoyance of the constant spam, the risk of a new security breach, and the laziness of having to manage passwords, a hardware auth device, or any 2FA, etc.

In summary: anything that doesn't provide any benefit should cost you no effort.