[toomim]

Because the web is supposed to be a web of multiple sites, built my multiple people, sharing a web of resources.

Localhost is just another site. If you want to make it secure, make it secure.

You realize that anybody on your coffeeshop wifi can also connect to your localhost server, don't you? Just because a server is running on your laptop doesn't mean it's not a server, running on the internet.

[fiter]

If you have bound the server to localhost and not all interfaces, then no, people on your coffeeshop wifi cannot connect.

[true_religion]

It would be better to say that your laptop is running software on the intranet, not the internet.

Also at least by convention, localhost is only accessible via the loopback interface. This allows it to be accessible even if there is no physical network to connect to, but also means that it is only accessible on the same physical/virtual computer that it is running.

To let other people in the coffee shop access your software you would need to connect to a public or private interface.