Why run Apache under its own user name?

6

1

By default, Apache runs under user nobody. Is there a reason I would want to change that? Does it make things more secure?

user40089

Posted 2010-06-16T20:43:23.503

Reputation: 390

Answers

8

No, there's really no reason to change that. Yes, it's for security. The idea is that you want to isolate the Apache processes as much as possible, so that if the account running those processes becomes compromised (e.g. by exploiting a vulnerability in the Apache server software), the attacker won't be able to easily do any damage to the server itself. For those reasons, nobody is almost always an unprivileged user: aside from running the processes, it doesn't own any files, can't write to any files, or really have the power to do anything at all.

hbw

Posted 2010-06-16T20:43:23.503

Reputation: 471

2

You would only give it its own user if you wanted Apache to be able to access files other user(s) cannot. For example, if you want the code behind your CGI or whatever to be a secret, you might make those files only owner readable and owned by the Apache user. In this case, you would still want to make sure nobody can log in to your server with that username, so you should take the necessary steps for that based on your operating system.

jamesbtate

Posted 2010-06-16T20:43:23.503

Reputation: 614
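
The two checks the answers describe, as an added example (not code from either answer): whether the web-server account can log in, and whether files meant to be private to it are owner-only. The `webapp` account, the sample passwd/shadow lines and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web-server service account and its private files.
# Reads passwd(5)/shadow(5)-format files, so it can be run against copies.

# login_disabled PASSWD SHADOW USER
# 0 = shell is nologin/false AND the password is locked; 1 = login may be
# possible; 2 = USER not found in PASSWD.
login_disabled() {
    shell=$(awk -F: -v u="$3" '$1 == u { print $7; f = 1 } END { exit !f }' "$1") || return 2
    hash=$(awk -F: -v u="$3" '$1 == u { print $2 }' "$2")
    case $shell in
        */nologin|*/false) ;;      # no interactive shell
        *) return 1 ;;
    esac
    case $hash in
        '!'*|'*'*) return 0 ;;     # locked: no password can match
        *) return 1 ;;             # empty field or real hash
    esac
}

# exposed_files DIR OWNER
# Prints regular files under DIR that are not owned by OWNER or that are
# readable by group or other, i.e. not "owner readable only".
exposed_files() {
    find "$1" -type f \( ! -user "$2" -o -perm -040 -o -perm -004 \) -print
}

# Constructed sample data (hypothetical account "webapp", not a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin' \
                  'webapp:x:998:998::/var/www:/bin/bash' > "$d/passwd"
    printf '%s\n' 'nobody:*:19000:0:99999:7:::' \
                  'webapp:!:19000:0:99999:7:::' > "$d/shadow"
    mkdir "$d/cgi-bin"
    : > "$d/cgi-bin/secret.cgi"; chmod 500 "$d/cgi-bin/secret.cgi"
    : > "$d/cgi-bin/leaky.cgi";  chmod 755 "$d/cgi-bin/leaky.cgi"
    for u in nobody webapp; do
        if login_disabled "$d/passwd" "$d/shadow" "$u"; then echo "$u: login disabled"
        else echo "$u: login may be possible"; fi
    done
    # The current uid stands in for the service account as file owner.
    exposed_files "$d/cgi-bin" "$(id -u)"
    rm -rf "$d"
}
demo
```

On a live host the same functions take `/etc/passwd`, `/etc/shadow` (root needed to read it) and the name of the account Apache actually runs as.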