Firefly III should be run on a TLS enabled host (
https://) even when running locally. Please remember that this is open source software under active development, and it is in no way guaranteed to be safe or secure.
By default, Firefy III only supports one user registration. You can disable this in the administration.
You should use disk- and database encryption whenever possible.
Firefly III supports 2 factor authentication, check your preferences.
If you find something that compromises the security of Firefly III, you should send me a message as soon as possible. These issues will be fixed immediately.