If your user is a sudo user, then all the commands that require sudo are run without password. Is like being root without password in that regard. Web based exploits that run trough browsers are not so many in the wild and maybe you will never run across such web page. On the other hand, think that you might have a typo in your command, and without the password you will run it before noticing there is a typo. In some cases that can lead to a broken system.
You can also follow this and not be bothered by entering the password
Also, this might explain a few things
In fact, there is a profile to disable the polkit to ask the user for their password all the time
Malware and exploits still exist for Linux, and elevating privileges through password brute-force is still a thing.
On a broader scale, you won’t ask yourself this if you are used to set up strong passwords to everything.