Comment by CyberShadow 8 hours ago

> Browsers don't let random pages on the internet hit localhost without prompting you anymore

No, that's a Chrome-specific feature that Google added. It is not part of any standard, and does not exist in other browsers (e.g. Safari and Firefox).

> The rest is just code running as your user can talk to code running as your user

No, that assumes that there is only a single user on the machine, and that either there are no forms of isolation or all forms of isolation also use private network namespaces, which has not been how daemons are isolated in UNIX or by systemd. For example, if you were to ever run OpenCode as root, any local process can trivially gain root as well.
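
Added example, not part of the comment above: an audit sketch for the point that a loopback TCP listener is reachable by every local user, not only the one who started it. It parses text in the Linux `/proc/net/tcp` layout and lists listeners on 127.0.0.0/8 with their owning UID. The sample rows, ports and function names are constructed for illustration, and little-endian address encoding is assumed.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1000 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:1000 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 20004 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def loopback_listeners(proc_net_tcp_text):
    """Return (ip, port, uid) for each LISTEN socket bound to 127.0.0.0/8."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # Address is a native-endian 32-bit word; little-endian is assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        if ip.startswith("127."):
            found.append((ip, int(port_hex, 16), int(fields[7])))  # field 7 = uid
    return found


def owned_by_other_users(listeners, my_uid):
    """Listeners this user can connect to that run under a different UID."""
    return [entry for entry in listeners if entry[2] != my_uid]


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the constructed sample.
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, port, uid in owned_by_other_users(loopback_listeners(text), os.getuid()):
        note = "  <- runs as root" if uid == 0 else ""
        print(f"{ip}:{port} owned by uid {uid}{note}")
```

The kernel records no client identity on a loopback TCP connection, so any listener flagged here has to authenticate callers itself.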