I suspect this is a clear indication that many are actively using it.
It could be thought as an evolution of the legacy RSH.
But I consider it also a legacy to be avoided.
Security is more important as the world is proportionally more dangerous.
And there are security considerations with host-based authentication:
- If the trusted host is compromised, so is everything relying on it;
(security is hardly perfect, so it's better to layer and segment)
- More SSH code (client and server) is exposed to attack;
(everybody should know more about bugs and backdoors)
- Client SSH code is made setuid usually to root;
(when all strive to get rid of root this in the wrong way)
- Can allow root or anybody to log in;
(but who they really are?)
- Complex and error-prone setup.
(must I stress how troublesome is this?)
Thus, keep using host-based authentication, specially because of a lazy sysadmins saying so, isn't really reasonable for any serious businesses conscious about security as well.
