If your user is a sudo user, then all the commands that require sudo are run without password. Is like being root without password in that regard. Web based exploits that run trough browsers are not so many in the wild and maybe you will never run across such web page. On the other hand, think that you might have a typo in your command, and without the password you will run it before noticing there is a typo. In some cases that can lead to a broken system.
You can also follow this and not be bothered by entering the password
Also, this might explain a few things
In fact, there is a profile to disable the polkit to ask the user for their password all the time
Malware and exploits still exist for Linux, and elevating privileges through password brute-force is still a thing.
On a broader scale, you won’t ask yourself this if you are used to set up strong passwords to everything.
I know a lot of people using only the first letter of their first name.
Some has got their gmail hacked and the language set to arabic with a forwarder to another email with almost the same spelling on a domain with almost the same spelling.
So while from a security point of view is very bad - it is your decision.