The scenario, which already happened once, is that a hostile person decides to make dozens of vandal-edits while logged in. In an emergency like that, sysops can (physically) ban the login id, but the bad person just keeps logging in with different ids.
That's what we want to be better able to defend against.
If there's a way we could do that, without giving sysops the ability to see ip numbers, that'd be good. I think in most cases, ip number bans will take care of this, since it's a bit more effort for the vandal to get a new ip number. It will effectively slow them down, at least.
--Jimbo