Users without login were added to replace application roles.
Loginless users are usefull for impersonation, in order to gain necessary permissions. They allow users to authenticate to the instance with their own credentials, therefore making SQL Server able to audit activity to their login, while impersonating the loginless user on the database context.
Simple impersonation example:
SELECT SUSER_NAME(), USER_NAME();
GO
CREATE USER loginless_user_4test
WITHOUT LOGIN
GO
EXECUTE AS USER = 'loginless_user_4test'
GO
SELECT SUSER_NAME(), USER_NAME();
GO
REVERT --as long as you haven't issued "EXECUTE AS ... WITH NO REVERT", you can go back to previous context
GO