It helps you remember to whom you gave the address. mikec+farmville@digitalsushi.com is a nice comment that tells me "I used this for farmville; who is now emailing me with it?"
No, that's not a comment. That plus sign is part of the email address. It's up to your mail server how to figure out how to parse it and stuff it into the correct inbox.
The RFC allows for actual nested comments to appear within the address. Though nobody actually uses this, and really the RFC is talking about formatting for email messages in transit, not how you should or shouldn't record your address on a form.
A malicious sender could just strip out your +whatever, and then you are where you started, unless you already filter all mail without a + part and give all your friends a salted email address.
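The three mechanics the thread touches (the server, not the sender, decides how the `+` part is split; RFC 5322 comments in parentheses can nest; and a stripped tag leaves you with the bare address unless you filter on the tag) as one worked example in Python. This is an added example, not code from any poster. Assumptions: the delimiter is `+`, the tag runs from the first delimiter to the end of the local part (the convention of Postfix's `recipient_delimiter` and of Gmail), and "salted" is read as a tag carrying a truncated HMAC under a secret only the mailbox owner holds, so a sender who strips or guesses the tag fails the check. The `mikec@digitalsushi.com` address comes from the thread; the secret and the sample recipients are constructed here.

```python
"""Subaddress ("plus address") parsing and a tag-based acceptance policy.
Added example for the thread above (not from any post). Assumes a '+'
delimiter split at its first occurrence and an HMAC-derived "salted" tag."""
import hashlib
import hmac
from typing import NamedTuple, Optional, Tuple


class ParsedAddress(NamedTuple):
    base: str            # local part with the subaddress tag removed
    tag: Optional[str]   # text after the delimiter, or None for a bare address
    domain: str


def strip_comments(addr: str) -> str:
    """Drop RFC 5322 parenthesized comments, which may nest: 'a(b(c))@x' -> 'a@x'.
    Quoted-string local parts ("a(b"@x) are out of scope for this toy."""
    out, depth, i = [], 0, 0
    while i < len(addr):
        ch = addr[i]
        if depth and ch == '\\' and i + 1 < len(addr):
            i += 2                       # quoted-pair inside a comment: skip both chars
            continue
        if ch == '(':
            depth += 1
        elif ch == ')' and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
        i += 1
    if depth:
        raise ValueError("unbalanced comment parentheses")
    return ''.join(out).strip()


def parse_subaddress(addr: str, delimiter: str = '+') -> ParsedAddress:
    """Split the local part into base and tag. The receiving server owns this
    rule; the '+' is part of the address as far as the sender is concerned."""
    local, at, domain = strip_comments(addr).rpartition('@')
    if not at or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    base, sep, tag = local.partition(delimiter)   # first delimiter wins
    return ParsedAddress(base, tag if sep else None, domain.lower())


def make_tag(service: str, secret: bytes, mac_len: int = 8) -> str:
    """Tag to hand out to a service: its name plus a truncated HMAC (the 'salt')."""
    mac = hmac.new(secret, service.encode(), hashlib.sha256).hexdigest()[:mac_len]
    return f"{service}.{mac}"


def verify_tag(tag: str, secret: bytes, mac_len: int = 8) -> bool:
    """Recompute the tag for its service part and compare in constant time."""
    service, dot, _mac = tag.rpartition('.')
    return bool(dot) and hmac.compare_digest(make_tag(service, secret, mac_len), tag)


def accept(rcpt: str, secret: bytes) -> Tuple[bool, str]:
    """Policy from the last post: drop mail to the bare address (tag stripped)
    and mail whose tag does not carry a valid MAC (tag guessed or forged)."""
    p = parse_subaddress(rcpt)
    if p.tag is None:
        return False, "bare address: tag stripped or never present"
    if not verify_tag(p.tag, secret):
        return False, f"tag {p.tag!r} fails MAC check"
    return True, f"deliver to folder {p.tag.rpartition('.')[0]!r}"


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"          # constructed; keep the real one private
    tag = make_tag("farmville", SECRET)
    for rcpt in (f"mikec+{tag}@digitalsushi.com",
                 "mikec@digitalsushi.com",                      # tag stripped
                 "mikec+farmville@digitalsushi.com",            # tag guessed, no MAC
                 f"mikec+{tag}(signed up (2010))@digitalsushi.com"):  # nested comment
        print(rcpt, "->", accept(rcpt, SECRET))
```

The policy runs on the parsed recipient at delivery time, which is where a real MTA or sieve filter would apply it; the address handed to each service is `make_tag(service, secret)` appended after the `+`, and nothing in the address itself reveals the secret.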