The idea is to separate the privileges as much as possible and give each one the least amount of privilege necessary to accomplish its task.
The root-level access is necessary to bind to a low port, and to launch child processes as other accounts. Since port 22 is needed for incoming connections the daemon is launched as root. Then an unprivileged account, sshd, is used to deal with the initial parts of an incoming connection, and that too needs root. Once you are authenticated, a process is launched for your account, again by root. Thereafter you are only dealing with your own processes.
tldr;
privilege separation.