I recently viewed a video guide about setting up for laravel development. WAMP and laravel were both installed. After the instructor completeted the install he navigated to the localhost directory, and claimed that having the localhost index displaying the file structure of your project was "a huge security issue", and proceeded to setup a vhost to rectify the problem.
I'm uncertain because 127.0.0.1 I believe is only accessible from the local machine. If an attacker can access it then he would already have control of my computer anyway. What other ways might this be a vulnerability?