The complaint, and I've heard it many times over the years, is that there is little to prevent users from keeping corporate data cached on private machines. Sure, you could only allow data to sync to domain-joined PC's, or set a conditional access policy, but these were only partial work-arounds to a simple challenge of just preventing a user from downloading a file they could access.
But as of this past Monday (May 20, 2018), documents shared by view-only links can also be explicitly blocked from download. Alleluia! And because it's based on the link you share, you can fine-tune that to blocking specific subsets of users and guests without breaking existing configurations. Or why not: break those existing configs and cut 'em off at the knees. This is your SharePoint party, you do what you want.