alexei.dolgolyov
5686ae5468
default_config.yaml shipped api_keys.dev: "development-key-change-in-production" uncommitted/active, while the surrounding comment claimed it had been removed. On a non-loopback bind this is a publicly-known credential granting full LAN access. Restore the documented secure default (empty api_keys -> loopback-only anonymous, LAN rejected) and leave a commented example instead.