The web installer is a handy feature but you are giving away some security. Personally, I would never compromise security on a production server by allowing the use of the web installer. I *do* use it for updates on my test boxes but even there I change the permissions in the relevant folders (e.g. 'mod', 'blocks') and then put it back.
Also, do you *really* want your admins installing random plugins? All, non-core plugins come with a certain amount of risk which needs to be managed.