in reply to Re^6: Best practices for closing database connections?
in thread Best practices for closing database connections?
Because it helps you not forget to call quote() manually. Placeholders are the way to go. When you always use them as your SOP (standard operating procedure), you have already made your code safer.
Unsafe values don't have to come from the attacker directly. They might already be stored in the database, for example by another script that quoted them safely. Now you read the data, DBI "unquotes" the values and when executing another statement with that evil value, you forget to quote it correctly. Bam, you just executed code prepared by the attacker.
That can easily happen when you modify SQL statements and add a column. If you are NOT using placeholders, you will need to remember to call quote() every single time. Forget just once and it's pretty much over. On the other hand, if you use placeholders, this is done automatically for you.
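The scenario described in this reply (a value stored safely by one script, read back unquoted, and then interpolated into a second statement), as an added example that is not code from the original post or the thread. It assumes DBD::SQLite is installed; the two tables, their rows and the attacker-controlled string are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example for this thread, not code from the original post.
# Assumes DBD::SQLite; the tables, rows and the "evil" string are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE users   (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
$dbh->do("CREATE TABLE secrets (owner TEXT NOT NULL, secret TEXT NOT NULL)");
$dbh->do("INSERT INTO secrets VALUES (?, ?)", undef, 'alice', 's3cret-1');
$dbh->do("INSERT INTO secrets VALUES (?, ?)", undef, 'bob',   's3cret-2');

# Script 1: attacker-controlled input is stored *safely* via a placeholder.
# The quote character goes into the table as data, nothing bad happens here.
my $evil = "nobody' OR '1'='1";            # constructed attacker value
$dbh->do("INSERT INTO users (name) VALUES (?)", undef, $evil);

# Script 2: read the value back. DBI hands you the raw string; the quoting
# that protected the INSERT is gone, so the value is dangerous again.
my ($name) = $dbh->selectrow_array(
    "SELECT name FROM users WHERE id = ?", undef, 1);

# Wrong: interpolating the stored value into a new statement. The embedded
# quote ends the string literal and the OR makes the WHERE clause true for
# every row: a second-order SQL injection, with no attacker input in sight.
my $unsafe = $dbh->selectall_arrayref(
    "SELECT secret FROM secrets WHERE owner = '$name'");
printf "interpolated: %d row(s) matched\n", scalar @$unsafe;

# Works, but only if you remember quote() on every single column, every time.
my $quoted = $dbh->selectall_arrayref(
    "SELECT secret FROM secrets WHERE owner = " . $dbh->quote($name));
printf "quote():      %d row(s) matched\n", scalar @$quoted;

# Right: a placeholder. The value is bound separately and never becomes
# part of the SQL text, so there is nothing to forget.
my $safe = $dbh->selectall_arrayref(
    "SELECT secret FROM secrets WHERE owner = ?", undef, $name);
printf "placeholder:  %d row(s) matched\n", scalar @$safe;
```

Run it as a plain script. The interpolated query matches every row in `secrets` because the stored quote character breaks out of the literal, while both the quote() and the placeholder variants match none, since there is no owner literally named `nobody' OR '1'='1`. The point of the thread is the gap between the last two: quote() is only safe for as long as every developer remembers it on every new column, whereas the placeholder version cannot be forgotten into an injection.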