slow client protection and integration with battle-tested webservers (Nginx/Apache).
documented security options (besides user switching you can also turn off the header version, etc.).
Passenger also allows you to set resource limits on the applications you are running, notably the max. memory that may be used and how many processes are allowed per application, thereby protecting the server and any other apps that may be running.
Things like: