I read through the comments to the question and some are missing the point that security is not an all or nothing but step for step approach. It could happen that a Wordpress theme or plugin is written in a way that it works correctly when accessing it through Wordpress but malfunctions and causes unexpected behaviour or exposes private data when accessed directly.

Adding the line prevents this by terminating the script when called directly through the web interface. Of course there are better alternatives like preventing front end access to files in subdirectories through server directives. In practical use though there's no reason not to use both and add an extra layer of security. It's also a good option for when you don't have the option of configuring the web server.