This file allows remote posting to your blog using an XML-RPC client. If you only post on your WordPress site then the chances are you do not need to have this file active. Rather than delete it, simply rename it to something you can find again.
If a large number of hits are recorded in the website log for this file then you can see at first hand how often your site is under hacker attack.