If the parameter truly never changes, then using a literal is acceptable. However, depending on the database platform, passing in a parameter value as a literal that will change may cause less than optimal performance.
When you prepare a statement, the database will parse the SQL and create an execution plan of the best way to locate the results (using its optimizer). This may involve several steps, including a 'hard' parse and a 'soft' parse.
When you prepare a statement with parameterized values, the database will parse the SQL and cache the parsed execution plan. You can then execute the prepared statement multiple times, changing only the parameter's value being sent to the database. The database can reuse the cached execution plan without having to 'hard' parse the SQL again.
When you execute the SQL statement repeatedly with an embedded literal parameter, the database has to perform a hard parse on each execution, hence potentially more processing time.
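The difference described above, as an added example that is not part of the original text: it uses Python's `sqlite3` as a stand-in database and counts the distinct statement texts each approach submits, on the assumption that a statement or plan cache is looked up by statement text. The `orders` table, its rows and all helper names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: 100 rows in a hypothetical 'orders' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)",
                     [(i, f"customer-{i}") for i in range(1, 101)])
    return conn

class StatementRecorder:
    """Runs queries and records every distinct SQL text submitted.
    Assumption: each new text is a cache miss (a fresh parse and plan)."""
    def __init__(self, conn):
        self.conn = conn
        self.texts = set()
        self.executions = 0

    def run(self, sql, params=()):
        self.texts.add(sql)
        self.executions += 1
        return self.conn.execute(sql, params).fetchall()

def lookup_with_literals(db, ids):
    rows = []
    for i in ids:
        # The value is embedded in the SQL, so every id yields a new text.
        rows += db.run(f"SELECT customer FROM orders WHERE id = {int(i)}")
    return rows

def lookup_with_parameter(db, ids):
    rows = []
    for i in ids:
        # One fixed text; only the bound value changes between executions.
        rows += db.run("SELECT customer FROM orders WHERE id = ?", (i,))
    return rows

def compare(n=50):
    ids = list(range(1, n + 1))
    lit, par = StatementRecorder(make_db()), StatementRecorder(make_db())
    same = lookup_with_literals(lit, ids) == lookup_with_parameter(par, ids)
    return {"same_rows": same, "executions": lit.executions,
            "literal_texts": len(lit.texts), "parameter_texts": len(par.texts)}

if __name__ == "__main__":
    print(compare())
```

Both approaches return the same rows, but the literal form presents a new statement text on every execution while the parameterized form presents one.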