There are several issues here.
Daemons (services) usually run as their own user, never root, so if someone finds an exploit in one of these processes, they can only do whatever that process's user can do. That varies from service to service.
The main/only user running as root is a bad thing on the internet. If any applications you use have exploits, any attacker would become root, install a rootkit and you would never know your system was compromised. Such an attacker could do anything: use your box for sending spam, as part of a DDoS attack, part of a botnet ...
Using a normal user account makes it harder for intrusions to go undetected, as any intruder still needs to get root to install a rootkit. They can still do all the nasty things above but not cover their tracks as easily.
As a normal user, you cannot accidentally trash your install with a careless space. The worst you can do is to delete things your user owns.
Security is not any one thing; it's like the layers of an onion. The idea is not so much to keep attackers out but to make it clear to them, after they have got past a layer or two, that there are easier systems to attack, so they give up on your system.
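To see which processes on a Linux box actually hold root, the following added example (not part of the original post) reads the `Uid:` line of each `/proc/<pid>/status` and lists userspace processes whose effective UID is 0. The sample records, including the `legacyd` name, are constructed for illustration, and skipping entries without `VmSize` is a heuristic for kernel threads and zombies.

```python
import os

# Constructed /proc/<pid>/status excerpts (sample data, not from a real system).
SAMPLE = {
    1: "Name:\tinit\nUid:\t0\t0\t0\t0\nVmSize:\t 2400 kB\n",
    2: "Name:\tkthreadd\nUid:\t0\t0\t0\t0\n",  # kernel thread: no Vm* lines
    812: "Name:\tnginx\nUid:\t101\t101\t101\t101\nVmSize:\t 9000 kB\n",
    # Hypothetical setuid daemon: started by UID 1000 but effective UID 0.
    900: "Name:\tlegacyd\nUid:\t1000\t0\t0\t0\nVmSize:\t 5100 kB\n",
}

def parse_status(text):
    """Return (name, effective_uid, has_address_space) from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.strip()
    uids = fields.get("Uid", "").split()  # real, effective, saved, filesystem
    if "Name" not in fields or len(uids) < 2:
        raise ValueError("not a /proc status record")
    return fields["Name"], int(uids[1]), "VmSize" in fields

def root_processes(records):
    """records: {pid: status_text}. Return sorted [(pid, name)] of userspace
    processes whose effective UID is 0."""
    found = []
    for pid, text in records.items():
        try:
            name, euid, userspace = parse_status(text)
        except ValueError:
            continue
        # Heuristic: kernel threads and zombies have no Vm* lines; skip them.
        if euid == 0 and userspace:
            found.append((pid, name))
    return sorted(found)

def read_proc(root="/proc"):
    """Collect status text for every live PID; processes may exit mid-scan."""
    records = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    records[int(entry)] = fh.read()
            except OSError:
                continue
    return records

if __name__ == "__main__":
    for pid, name in root_processes(read_proc()):
        print(f"{pid}\t{name}\truns with effective UID 0")
```

Any network-facing service that shows up in this list is one where an exploit hands over root directly rather than a limited service account.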