ANSWER:

PasswordAuthentication No makes very sure that any attempts to brute force the password will be in vain. Also, a compromised sshd is not able to sniff the private key when connecting to it; with password authentication it is still tunneled clear text so anybody breaking the server and installing a modified sshd or pam stack now has the password you used to logon, which might be valid on more than just that single server he/she was able to compromise.

by rackandboneman from http://serverfault.com/questions/386500