They were basing it on keeping traffic from getting overwhelmed in case of a worm. My reply was that the worm would still flood the router nic, so folks would still have problems with getting to resources outside of their relative vLAN anyway. The only time I've ever implemented vLANs was to ensure that the Finance department was able to get bandwidth to their production servers - single site/small offices doesn't seem to provide enough of a need for a vLAN that multiple sites/large networks would.