Having a wheel group that is allowed to run any command with su rights is the default setup, but it's not the only one.
I have used sudo a lot of times to allow a specific user to run exactly one command with elevated rights. In those cases they weren't in the wheel group.
Actually retristricting defined commands to defined sudoers should be one of the main use cases of sudo. This could be done as well via ssh config but one would need a lot of keys if you don not want a wrapper (and rewrite sudo all over)
If you are really thinking security, elevating a standard user seems bad practice to anyways. It is rather I guess a way to protect the user to do `rm -rf /` accidentally. On the other end adding an another layer of obscurity is practically adding a bit of security against script kiddies. But if that is of concern one could also rename the sudo binary.
One last thing the SSH trick might be interesting is the portability but in this case I would rather go via a standard TCP socket.
I have used sudo a lot of times to allow a specific user to run exactly one command with elevated rights. In those cases they weren't in the wheel group.