>>11 I'm sorry, that was ramble.
In short, there are attacks people can use by using the fact that you are logged in, which doesn't just apply to this site. They can send commands coming from your 'account' (eg, post x text with y name in z thread) without you knowing, if you are still logged in. This can happen with banking, too. They can send commands like 'transfer-money-to-switzerland' or something if you remain logged in and visit an attacker's webpage or somehow run the attacker's PHP code. So, logging out does not let them do that.
This can affect every average user, however it is unlikely someone will write code to somehow take advantage of that (unless they are Xephlrek) and start posting random garbage under your name or with your IP address in plain text (I don't even know if they can use your tripcode, I assume they could).
Anyone could get attacked, but it's not likely someone would attack. It would be better to change the site so you can't attack a user rather than offer the option of logging out.