I see your point if you live in a world where all your users are part of your domain.  But if you serve up applications that connect to SQL Server from hundreds (in our case thousands) of users who are NOT in your domain, you have two choices.  Use SQL Server authentication, or use one (or a few) logins and do your own login and password control, which may or may not be as good or better than what SQL Server offers.  I'm open to viewpoints!