That's another good reason to use separate Tor gateways, as Whonix does. The webserver etc are bound to the server's LAN IP address, not localhost. And onion services in the gateway Tor client point to that server's LAN IP address. Everything in the server bound only to localhost stays private.