If you are speaking from an application architecture perspective, segregating application components into multiple tiers vs a large flat single tier - Logical switches can be created based on application profile, and rules put in place to secure based on logical switch. It is also possible to place all VMs on the same logical switch and apply rules at the group or VM level.  Regardless of approach, the rules applied will result in the same level of security.  The latter can be beneficial if you do not plan to deploy the VXLAN network overlay, deploying NSX for use of the the distributed firewall capabilities.  You can also do a combination of both - deploy VMs to application component based logical switches, and then apply policy/rules on a group basis.

I would say a lot depends on what you are doing with automation, what your future plans are, the size of the environment, what other integration points are on the horizon - all of these and more will drive your design requirements.

The term Multi-tier is also used to reference a higher level network architecture - used when NSX is deployed in a multi-tenant environment, and there is a need to scale out.