--disable-web-securtyis a bad idea
Imagine this is some webpage you want to reference offline.
Right click and pick "Save As.." and save it locally. Now run chrome with
then double click the file. You'll likely see it is able to read local files from your hard drive. It could just
as easily transmit those files to a remote server.
You may say you never save HTML files locally. That's not the point. The point is you disabled security. Here's one example
to show there are issues. There are likely more issues. For example any 3rdparty library you download could be doing this.
The point is not to enumerate every possible issue. The point is why take the risk? Instead of using
run a simple server for your dev.