The risk is a very real privilege escalation attack. Yes, you need shell or console access to the machine, but that's common to most installations. In a situation where many people have a legitimate account (like, a school computer lab, or a company network), you can't have people just arbitrarily making themselves root.
This lets you turn non-root access into root access. Did you read the full article? The guy turned /bin/sh into an suid-root executable - as a regular user, he made himself a shell that always runs as root. That's a big problem.
Pretty much any major remote hack consists of two major parts - getting access, and elevating the privileges of that access. This is the second part. If your users already have accounts, there is no need for the first part.
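An added example, not part of the original comment: a check an administrator could run for the end state described above, a shell binary that is setuid and owned by root. The shell-name list, the scanned directories and the function names are assumptions made for this sketch.

```python
import os
import stat

# Assumed list of shell basenames; extend it from /etc/shells on the audited host.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}


def is_setuid_shell(path, owner_uid=0, shell_names=SHELL_NAMES):
    """True if path is a regular file named like a shell, setuid, and owned by owner_uid."""
    if os.path.basename(path) not in shell_names:
        return False  # name-based match only: a renamed copy of a shell is not caught
    try:
        st = os.stat(path)  # follows symlinks, since /bin/sh is often a link to another shell
    except OSError:
        return False  # vanished or unreadable entry
    return (stat.S_ISREG(st.st_mode)
            and bool(st.st_mode & stat.S_ISUID)
            and st.st_uid == owner_uid)


def find_setuid_shells(dirs, owner_uid=0, shell_names=SHELL_NAMES):
    """Return the paths under dirs (non-recursive) that are setuid shells owned by owner_uid."""
    hits = []
    for d in dirs:
        try:
            entries = sorted(os.listdir(d))
        except OSError:
            continue  # directory missing or not readable by the auditing user
        for name in entries:
            path = os.path.join(d, name)
            if is_setuid_shell(path, owner_uid, shell_names):
                hits.append(path)
    return hits


if __name__ == "__main__":
    # Assumed directory list; add home and scratch directories as needed.
    for hit in find_setuid_shells(["/bin", "/usr/bin", "/usr/local/bin", "/tmp"]):
        print("setuid-root shell:", hit)
```

No stock system ships its shells setuid-root, so any hit from this check deserves investigation.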