Basically its this:
For most purposes of a website, the 'localhost' is an adequate arrangement. This is because the database 'work' is happening on the same physical sever that is also hosting the website. So for the website user - he is impersonated by the WebApplication Server - that user is seen as being an authenticated application (user) running on 'localhost'.
But - in several situations this just won't work. First, for larger database applications (or ones that 'serve' more than one application server) - you may want to have a dedicated database server. To communicate with it, you will need a 'hostname' (usually in the form of a URI i.e. database1.mydomain.net). The second no-quite-so-apparent case is if you wish to use some database tools or do development work on another workstation (either locally or over the internet) those tools (like the MySQL Workbench design tool) or another PHP application being designed will have to know how to 'find' the right MySQL server - and that means either an IP address or a hostname (the left section of a FQDN including the hostname segment) and, in soem cases - the MySQL Port number in use.
Oh yeah - and Joe COULD do that - but that the point of security isn't it? There's the hostname locale restriction that is set in MySQL - you can specify what hostnames or IP's folks (and their appy little friends) can come in from. ''%" - means wildcard.http://dev.mysql.com/doc/refman/5.0/en/dns.html