[jasonkester]

A better question is why developers, the only group of people likely to understand this security issue, continue to run things on localhost?

Custom hostnames are such a better solution, but for some reason developers don't use them.

[fit2rule]

In many projects I have worked on in the last 2 decades, one of the first things I find myself needing to do is fix the name services and setup of .local/.home .. To me it really appears that the skill of naming things starts at the the network - to that end, crap-named networks propagate amnesia.