#cwebber2the crux of it is: many projects assume that localhost is only accessible by its own machine, but there are attacks (especially on any machine using a browser, though probably any client/server making http requests is vulnerable) which make it so you can access information on localhost anyway.