There's no reason it needs to be so dangerous that you'd want to disable it.
If you don't have root logins, and you require a key for access (where the search time is
controlled by a computer algorithm rather than by a human's ability to remember complicated
strings of letters and digits) you can make SSH an uninteresting target.
If the script kiddies had a dozen boxes chewing away for weeks at a time and didn't get a
single hit they'd stop doing it. That they're currently still doing it suggests that it
probably still works. Which means there are still machines where you can ssh in with username
'root' password 'sesame' and get a root bash prompt. I think we should fix /this/ part rather
than just disabling SSH by default.