For what it's worth, I'm still able to open and use Doxygen HTML docs without running a web server. Looks like it loads both CSS and JS. So I'm not sure what the changenote actually means.
That makes sense, because so much security nowadays depends on keeping origins separate. It's hard to tell whether any given file:// URL belongs in the same origin as another file:// URL. Better treat each file:// URL as its own origin.
CSS/JS imports in the HTML are ignored. Hyperlinks are links not file loads in the page. It means you can't load e.g. access a file via script (e.g. a JSON file in the directory, directly at least).
Script running in a page loaded from file:// will not be able to access the DOM or text of any other file:// URLs, other than the one it's running in.