According to LWN:
There is a new sysctl knob (/proc/sys/kernel/modules_disabled); writing "1" to that file will cause module loading to be forevermore disallowed.
Rootkits often load a module into the kernel to hide the fact that the rootkit is running on the box.
This is definitely more useful on servers, since you are unlikely to be plugging in a USB device that needs another module after booting. However, it also prevents the Ksplice reboot-less updates, which are also primarily useful for servers.
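As an added example (not from LWN or the original post), this shell helper loads the modules a server still needs and only then sets the knob, verifying the result afterwards. The function names and the one-module-per-line list file are assumptions made for this sketch; the knob path is the one quoted above.

```shell
#!/bin/sh
# Added example: load what the server needs, then set the one-way lock.
# The knob path is a parameter so the logic can be run against a plain file.
KNOB_DEFAULT=/proc/sys/kernel/modules_disabled

# Print "locked", "unlocked" or "unsupported" for the given knob file.
modules_lock_state() {
    knob=${1:-$KNOB_DEFAULT}
    if [ ! -r "$knob" ]; then
        echo unsupported          # kernel lacks the knob, or /proc not mounted
        return 0
    fi
    case "$(cat "$knob")" in
        1) echo locked ;;
        0) echo unlocked ;;
        *) echo unsupported ;;
    esac
}

# lock_modules [knob] [list-file]
# list-file (hypothetical format): one module name per line, '#' comments.
# Returns 0 only if module loading is disabled when the function ends.
lock_modules() {
    knob=${1:-$KNOB_DEFAULT}
    list=${2:-}
    state=$(modules_lock_state "$knob")
    if [ "$state" = locked ]; then return 0; fi
    if [ "$state" != unlocked ]; then return 1; fi
    if [ -n "$list" ]; then
        while read -r mod rest || [ -n "$mod" ]; do
            case "$mod" in ''|'#'*) continue ;; esac
            # The lock cannot be undone without a reboot, so refuse to set
            # it if a module the server depends on fails to load.
            modprobe "$mod" || return 1
        done < "$list"
    fi
    echo 1 > "$knob" || return 1  # needs root on the real sysctl file
    [ "$(modules_lock_state "$knob")" = locked ]
}

# Read-only status report when run directly; locking is left to the caller.
echo "module loading: $(modules_lock_state)"
```

Call `lock_modules` late in boot, after all hardware and filesystem modules are in place, because anything loaded on demand later will fail.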
