If you log in as root on a virtual terminal, you get a command-line shell plus whatever commands you type running as root, nothing else.
If you log into a graphical desktop environment as root, you get dozens of large complex processes all running as root, most of them not designed for running with privileges. It is very easy for a mistake to damage your system and require a reinstall. Malware on websites could in principal damage the system, and not only steal/infect your own data but that of anyone else who uses the machine.
Of course, logging in as non-root only protects the system and other users, not your own files, but as a basic matter of good practice, you should never log in graphically as root unless (a) you understand exactly what you are doing and the risks involved, and (b) you have no other reasonable option.