Why wouldn't you do this? You can still secure the rest of your accounts. Hackers, botnets and script kiddies go after the low-hanging fruit. Reduce your attack surface, and you are clearly better off. There's almost no hassle to having to su to root once you log in with a normal user account.
By the way--logging in to a console in public is completely different from remote root access. If someone can see over your shoulder--there are lots of other ways for them to engineer an attack. But we all have to be aware of the greater risk of unknown users on the Internet just scanning IP ranges and trying to login. If you've ever had a public web server, you will see that this happens to every machine. Much more common than someone we know trying to crack into our box.