The old argument is that anything a power user can do, a malicious script can do too. So such options must be removed entirely if there is any chance of a less technically inclined user being tricked into doing it.
This argument doesn't hold water. At the point malicious software is already on the machine, an automated update doesn't help. And if someone is inducing you to manually turn off automatic updates for malicious reasons... they could just as easily be inducing you to install malicious software directly.