I'm thinking that arbitrary domains should not have access to any resource on '127.0.0.1', for the same reason that browsers restrict access to resources at 'file://' without user permission.
It isn't just websites. It's everything really. The industry has proven to me time and again that it is not worth it to explain to user's what they are doing and why they are doing it. Doing so seems like a complete waste of time on the micro-scale, but on the macro-scale it builds confidence in the integrity of practitioners and the business they're hired by by customers, reaffirms positive social values/norms (asking for permission, politely explaining when asked a question, and respecting other's prooerty), and it increases the bar in terms of expectation, and helps educate users by shaping their expectation of what kinds of things one should expect a computer to be able to do.
There wouldn't be half the computational illiteracy there is if we'd take the time to explain the basics.
There wouldn't be half the computational illiteracy there is if we'd take the time to explain the basics.