The su program changes the effective UID of the account to that of another account. To change the UID successfully, you must enter the password for that account. For this reason, in order to use su to gain root access, you must know the password of the root account. This means that every person who needs root access through su is one more person who must know (and remember) the password for the root account.
Now, if a user has their account password compromised, only that account is open for illegitimate access. When the root password is compromised, the whole system becomes vulnerable to attack. For this reason it is advisable to take more care with the root password than with anything else. Giving that password out to more than the System Administrator is begging for disaster.
So, what good is su? The safe usage of su is to use it to change from one user account to another. You, of course, must know the password of the account you wish to move to. This is sort of like logging into the other account, but with su the environment of the old account is carried over into the new account session. This is very useful if you have your user account set up with particular default environment conditions, and wish to work under an account that is set up differently.
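The carried-over environment deserves a check before the switch, because variables such as PATH then come from the old session rather than from the new account's own setup. The script below is an added example, not part of the original text: its check_path function (a hypothetical name) flags PATH entries that are empty, relative, or world-writable, and it assumes the local su passes PATH through unchanged, which varies by implementation and configuration.

```shell
#!/bin/sh
# Added example: audit the PATH that a plain `su` (no login shell) would
# carry into the target account. check_path is a hypothetical helper name.
# Assumption: the local su passes PATH through unchanged.

# check_path PATH_VALUE
# Prints one finding per risky entry; returns 0 if clean, 1 otherwise.
check_path() {
    findings=0
    rest="$1:"    # trailing ':' so the last entry is split off like the others
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case "$dir" in
            "")
                # An empty entry makes the shell search the current directory.
                echo "empty entry (current directory)"
                findings=1
                ;;
            /*)
                # Absolute entry: inspect the mode of the directory itself,
                # following symlinks (-L). Character 9 is the other-write bit.
                perms=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
                case "$perms" in
                    d???????w*)
                        echo "world-writable: $dir"
                        findings=1
                        ;;
                esac
                ;;
            *)
                echo "relative entry: $dir"
                findings=1
                ;;
        esac
    done
    return "$findings"
}

# Audit the current session before switching accounts.
if check_path "$PATH"; then
    echo "PATH is clean"
else
    echo "fix the entries above, or use 'su -' for a fresh login environment"
fi
```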