One example of why --disable-web-securty is a bad idea

Imagine this is some webpage you want to reference offline.

Right click and pick "Save As.." and save it locally. Now run chrome with --disable-web-security and then double click the file. You'll likely see it is able to read local files from your hard drive. It could just as easily transmit those files to a remote server.

You may say you never save HTML files locally. That's not the point. The point is you disabled security. Here's one example to show there are issues. There are likely more issues. For example any 3rdparty library you download could be doing this. The point is not to enumerate every possible issue. The point is why take the risk? Instead of using --disable-web-security run a simple server for your dev.