Yes. The move from 0 to 1 click exploits (thanks to putting Flash/Java behind a click) in the early 2000s marked a massive negative shift in attacker capabilities and ultimately destroyed multiple (black market) exploit dev businesses.

“Click to play” bypasses became incredibly valuable as an enabler for Flash/Java exploits, for a while. They were also few and far between, and if memory serves me, unreliable as fuck.

It definitely matters. Just think about what sort of how much Dr. Evil would pay for an exploit that relies on user action versus one that doesn't.

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

I can probably avoid bring tricked into clicking a link, I've avoided many many attempts to trick me in the past. I probably can't avoid browsing the internet though.