One example of why --disable-web-securty and/or --allow-file-access-from-files is a bad idea

Imagine this is some webpage you want to reference offline.

Right click and pick "Save As.." and save it locally. Now run chrome with --disable-web-security or --allow-file-access-from-files and then double click the file. You'll likely see it is able to read local files from your hard drive. It could just as easily transmit those files to a remote server.

You may say you never save HTML files locally. That's not the point. The point is you disabled security. Here's one example to show there are issues. There are likely more issues. For example any 3rdparty library you download could be doing this. You include the library in your project and it starts uploading your files to some remote server. The point is not to enumerate every possible issue. The point is why take the risk? Instead of using --disable-web-security or --allow-file-access-from-files run a simple server for your dev.