hi
Great question! There are a couple of schools of thought here, either that its a great idea to prevent directory listings, or that its really just like putting a band-aid on an open wound. Personally I have them in my directories on some of the sites I manage (not all built by me) but I also have the option set in the virtuals.conf file or httpd.conf files that specifies
Options -Indexes which should say that we don't allow directory listings. That helps make it harder for someone to get a listing of what plugins or themes you are running, which keeps them from figuring out which ones they might be able to exploit.
Does that help answer your question?
tim