If you exploit a program, the best you can get is the ability to run arbitrary code with privilege level equal to the user running the program.
For example, exploiting a program that you write and compile using your account is useless, because you can only run code with the same privileges you already had.
If you could get someone logged in as root to run your program, then you could escalate your privileges.
So exploits for programs which are suid root are much more valuable. If a program has the suid bit set, that means it runs with the privileges of its owner(root in this case). You could run this program from your regular user account, and if you exploited it you would have root privileges.
And this is also why as much as possible you should not let programs be suid root, and those which are suid root should be heavily audited.