I've been reading alot into buffer overflow exploits recently, and I'm pretty sure I have a good grasp of the theory and techniques...but I just got to wondering something that I cant seem to figure out:

Why is so much importance placed on fixing and preventing these programming mistakes? How would a remote attacker take advantage of an exploit like this without already having broken into another computer just under a non-root account?
Would it not be easier and more practical to place all the more emphasis on preventing an attacker from getting acces to a command prompt on your computer? Or is there some sort of indirect way an attacker can use an exploit such as a buffer overflow to immediately take over a computer without any previous access?

Heh sorry for all the questions, if this is too newbish of a thread, I sincerely apologize....
Anyways, thanks in advance for any responses