Why shouldn't I create Unix accounts with null passwords?

Creating an unpassworded account to serve any purpose is potentially dangerous, not for any direct reason, but because it can give a cracker a toehold.

For example, on many systems you will find an unpassworded user "sync", which allows the system manager to sync the disks without being logged in. This appears to be both safe and innocuous.

The problem with this arises if your system is one of the many which doesn't check a user before authorising them for (say) FTP. A cracker might be able to connect to your machine using one of a variety of FTP clients, pretending to be user "sync" with no password, and then copy your password file off for remote cracking.

Although there are mechanisms to prevent this sort of thing happening in most modern versions of Unix, being totally secure requires an in-depth knowledge of every package on your system and of how each one verifies users. If you can't be sure, it's probably better not to leave holes like this around.

Another hole that null-password accounts open up is the possibility (on systems with run-time linked shared libraries) of spoofing system software into running your programs as the "sync" user, by pointing the LD_LIBRARY_PATH variable at a library of your own devising and then running "login -p" or "su" to turn into that user.