As always, the answer is “depends”. It shouldn’t hurt unless you’re dual-booting windows (they used it last year as a weapon in their “mess up grub” game), but, Imo, it’s worth the trouble if:

• your data is also encrypted – otherwise one just removes the HDD/SSD and reads what they need;
• you provision your own keys – to not depend on Microsoft signing shims for you;
• you delete the already provisioned keys – Microsoft signed a few vulnerable things, like one kaspersky’s (iirc) live CD with grub not locked down, so one can boot up literally anything anyway;
• you lock down grub or whatever bootloader you’re using – otherwise you become that vulnerable live cd;
• you password lock the uefi – otherwise one can simply disable the secureboot;
• your vendor’s implementation isn’t terribly buggy – iirc, some MSI laptops would just ignore all the discrepancies.

So, a lot of ifs, and a necessity to store the uefi password somewhere safe, as those may be a pita to reset.

As for standalone stuff – idk, it might protect you from malware injecting itself into the bootloader or something, but given there’s likely no chain of trust (I.e. the bootloader doesn’t check what it bootloads), it can move in on some later step.