Most people that have tampered with external wireless networks in a malicious fashion for the sake of education (hopefully your own personal testing network) have probably heard of a deauthentication attack.
These attacks are simply a single host computer sending out several deauth packets for the sake of either annoying a network administrator by disconnecting devices from a wireless network or to attempt to acquire the 4-way handshake of a WPA/WPA2 network to try cracking the password.
So there is obvious potential for this to the common script kiddie who wants his neighbor's unlimited data plan, but what's the real point of having a deauthentication packet? 90% of devices i've seen respond by simply reauthenticating to the network (except for my smart TV), so obviously the packet by no means forces the device to reconnect, it simply tells it to and hopes that it complies. But i've only ever seen the option to deauthenticate a client in stuff like aireplay-ng. So i can't sign into my router and tell it to send a packet to a specific client because it doesn't have the option to. Since this is the case, the only potential i see for the packet is attacking a network.
Why do we still make devices that listen to them if they're only a threat?
The first part of your sentence contradicts the second part. It does force the device to reauthenticate. Fortunately the standard provides a 2 byte reason code in the frame so you can get some hints how deauth frames can be useful.
Here is a Cisco page with the reason codes.
For example, most nontrivial wireless deployments have multiple access points with the same SSID. Suppose you want to service an access point. Rather than just simply turning it off and letting the clients timeout which would be a bad experience a deauth frame can be sent with reason code 8: "Disassociated because sending station is leaving (or has left) BSS".
Reason code 5 is for load balancing: "Disassociated because AP is unable to handle all currently associated stations."
Many of the other reason codes are for disagreements or errors during authentication or assocation (which comes after auth).
Multi-AP wireless deployments (where you typically use a wlan controller to manage the AP) do send deauth frames.