Why is it not advisable to have the database and web server on the same machine?

Question

Listening to Scott Hanselman\'s interview with the Stack Overflow team (part 1 and 2), he was adamant that the SQL server and application server should be on separate machin

Answer 1

I think its because the two machines usually would need to be optimized in different ways. Other than that I have no idea, we run all our applications with the server-database on the same machine - granted we're not public facing - but we've had no problems.

I can't imagine that too many people care about one machine being compromised over both since the web application will usually have nearly unrestricted access to at the very least the data if not the schema inside the database.

Interested in what others might say.