PrusaLink should use HTTPS only by default for local, even if it is an unsigned certificate. Having a login without a secure connection allows interception of the credentials and takeover of the PrusaLink.