This file and the copy in wp-content/plugins/
was added 2009 to prevent directory browsing even when the server allows that.
This isn’t really a security feature, except in the sense of security by obscurity, but there might be files not everyone wants to see published or indexed by search engines.
A better solution is: turn directory listing off (Apache, nginx, IIS) and disallow crawling of these files – even when there are links to single files – in your robots.txt
:
User-agent: *
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/themes