If private key files are stored without password protection on the file system, attackers with access to the system may be able to exfiltrate or use the private keys. For instance, attackers gaining physical access to the hard drive without disk encryption could likely read the file contents directly. Key material may also be accessible after the files have been deleted by performing file carving, should the file contents have not been overwritten in the meantime. It should also be noted that this approach of generating cryptographic key material tempts users to do it on (local) machines which don't have the recommended level of security nor auditability.
If private key files are stored without password protection on the file system, attackers with access to the system may be able to exfiltrate or use the private keys. For instance, attackers gaining physical access to the hard drive without disk encryption could likely read the file contents directly. Key material may also be accessible after the files have been deleted by performing file carving, should the file contents have not been overwritten in the meantime. It should also be noted that this approach of generating cryptographic key material tempts users to do it on (local) machines which don't have the recommended level of security nor auditability.