Runtime parameters are not just applicable for query to dashboard flow, but can also be used provide row level security at a user level. For example, if a user is only allowed access to a specific id that is mapped into a query, you can set that at the user level.
User level filters are always applied automatically for that user and cannot be modified by the user. Mode details here (docs/user-content-filters.html).
This also applied to embedded use case cases, for both SSO and secure URL based approaches, where the tokens can be passed in to the underlying queries securely. For more details on using contentFilters in an embedded use case, see Embed SSO