Buckets essentially provide three containment levels:
A namespace: no two documents can have the same name in a bucket.
Resource allocation: cluster memory is allocated and prioritization is done on a per-bucket basis.
Authentication/authorization: buckets can be password protected
Generally speaking, you'll have one bucket per application, but there are situations where people have one bucket for user profiles and one bucket for individual application backed data.