Here's a question I've had for a while: WHY in the world do web browsers not block access to localhost? What exactly is the extremely compelling use case that has prevented them from blocking this?
Or it could be like what happens if you access a site with a broken SSL cert - you get a big red warning page and your only allowed to continue after clicking some tiny technical option.