There is nothing specific to MCP here. But that doesn’t mean there’s no problem. The real problem is that OS does not contain a convenient for users and reliable access control mechanism for local TCP connections (at least at the per-application level of granularity). Would such a mechanism existed, the user could allow connections to its MCP only to the necessary applications. There is already many apps providing local servers, all of them is potential point of attack for bad actors in system: ollama, syncthing, adb, gradle, various torrent clients with web interface, media players, etc...