I've been working on making an RMS (Record Management System) a web based application that has a functionality of CRUD and it is intended to run via localhost that is operated only by one person (admin). The main question is that, is SECURITY necessary on the web app even though it is run via localhost only? If so, what scope should I look into and apply?
Well no not really, if it is just one person. But if you're talking about a localhost which can be accessed remotely through passwords then obviously you would need some sort of security to prevent bypassing of some sort.
But if you want to stay on the safe side of things then maybe just do it anyway because there's never a 0% risk of attack