I was hoping to generate a discussion (or be directed to a good depository of knowledge) on the issue of whether to intercept localhost loopback connections. the options being to have a global rule to allow loopbacks or to individually allow access via the rules. My main interest is how much more vulnerable is a system that has a global allow policy? I prefer a real world analysis as opposed to theoretical attack possibilities. Even further, I'm specifically interested in the vulnerability to personal data being transmitted out to the internet via a localhost loopback global rule (e.g., a Word file with personal information in it). Is this even an issue with the localhost (is it possible?) Does enabling a global loopback policy only make you more vulnerable to hijack but not personal data leaks?