Considering how I (try) to do bug bounties for money, it's bad for that, but otherwise, it'd probably be worse without it, considering how it seems a lot of developers seem to totally rely on it for reflected XSS protection.