They just make sure, that no Client can call that Function.
You could, in fact, structure your own code a way, that you wouldn’t need authority checks.
But you will find yourself often at the position where you want to make sure that really only the Server can call that function.
A simple example is:
Something needs to be done on the Server and you have a ListenHost and Clients using one and the same Function.
The Server/ListenHost can directly do the stuff you need, but the Client needs to call the RPC.
That’s when you might want to check with Authority who exactly called the function.
But yes, at this point, the Authority check is made to make sure that no Client can call this.
The function is probably not even called on a client. It’s just for anti cheat safety stuff.