
What gives you more confidence in them? Just a better track record, or is it a fundamentally more reliable model?



It is fundamentally more secure as it functions as a private controlled proxy for the public repo. Also solves some other nice gotchas such as people pulling a left-pad joke on you and reproducible installs as all packages are cached so your build servers and dev systems get the same version of all packages (if properly used with shrinkwrap kind of solutions, or even without if properly handled).


We self-host Artifactory. If our internal instance goes down, it's always possible to fall back to the public registry of the language (NPM, Maven, pip, etc.). It's far more unlikely for our Artifactory and the public registry to go down simultaneously.
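
Added example, not part of any comment in this thread: a check a build could run to confirm that every package in an npm lockfile was resolved through the internal proxy and carries an integrity hash, which also shows when a fallback to the public registry has leaked into the lockfile. The hostname, proxy path and sample lockfile are constructed assumptions.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2 or 3).
// INTERNAL_HOST and the proxy path are hypothetical; sampleLock is constructed.
const INTERNAL_HOST = 'artifactory.internal.example';
const PROXY = `https://${INTERNAL_HOST}/api/npm/npm-remote`;

function auditLockfile(lock, allowedHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled deps carry no tarball URL.
    if (path === '' || entry.link || entry.inBundle) continue;
    if (!entry.resolved) {
      findings.push({ path, issue: 'missing resolved URL' });
      continue;
    }
    let host;
    try {
      host = new URL(entry.resolved).host;
    } catch {
      findings.push({ path, issue: 'unparseable resolved URL' });
      continue;
    }
    // Anything fetched from another host bypassed the proxy's cache.
    if (host !== allowedHost) findings.push({ path, issue: `resolved from ${host}` });
    // Without an integrity hash the installer cannot verify the tarball contents.
    if (!entry.integrity) findings.push({ path, issue: 'missing integrity hash' });
  }
  return findings;
}

const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: `${PROXY}/left-pad/-/left-pad-1.3.0.tgz`,
      integrity: 'sha512-CONSTRUCTED',
    },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz',
      integrity: 'sha512-CONSTRUCTED',
    },
    'node_modules/debug': { version: '4.3.4', resolved: `${PROXY}/debug/-/debug-4.3.4.tgz` },
  },
};

console.log(auditLockfile(sampleLock, INTERNAL_HOST));
```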



