Is _disableInitializers necessary?

Having a constructor that uses _disableInitializers() is recommended as a best practice to prevent initialization of the implementation contract itself.

There was a previous UUPS vulnerability where if an implementation contract was initialized by an attacker, the attacker could give themselves upgrade authority and delegate a call to a malicious contract that causes the implementation contract to self-destruct. That vulnerability was resolved by restricting the upgrade functions to onlyProxy, but disabling initializers is still recommended as an extra layer of protection against these types of attacks.

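The pattern the answer recommends, as an added example that is not part of the original post: a UUPS implementation whose constructor locks its own initializers while the proxy remains initializable. It assumes OpenZeppelin Contracts Upgradeable v5.x import paths and signatures; the contract name `VaultV1` and the `feeBps` field are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts Upgradeable v5.x is installed at these paths.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

// Hypothetical contract, used only for illustration.
contract VaultV1 is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    uint256 public feeBps;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Runs once, at deployment, against the implementation's own storage.
        // It marks the implementation as initialized at the maximum version,
        // so initialize() and any reinitializer(n) revert when called on the
        // implementation address directly. Nobody can become its owner.
        _disableInitializers();
    }

    // Called through the proxy via delegatecall, so it writes the proxy's
    // storage, which the constructor above never touched. The initializer
    // modifier allows exactly one successful call per proxy.
    function initialize(address initialOwner, uint256 initialFeeBps) external initializer {
        __Ownable_init(initialOwner);
        feeBps = initialFeeBps;
    }

    // Upgrade authority check: only the owner recorded in the proxy's storage.
    // UUPSUpgradeable additionally guards upgradeToAndCall() with onlyProxy,
    // the second layer the answer refers to.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}
```

After deployment, a direct call to `initialize` on the implementation address should revert, while the same call routed through a freshly deployed proxy should succeed once.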