diff --git a/examples/server/auth-middleware/main.go b/examples/server/auth-middleware/main.go
index ca339dfb..f9ac34f7 100644
--- a/examples/server/auth-middleware/main.go
+++ b/examples/server/auth-middleware/main.go
@@ -26,7 +26,9 @@ import (
 // This example demonstrates how to integrate auth.RequireBearerToken middleware
 // with an MCP server to provide authenticated access to MCP tools and resources.
 
-var httpAddr = flag.String("http", ":8080", "HTTP address to listen on")
+// Default to loopback to avoid exposing powerful demo endpoints to the local network.
+// Set -http 0.0.0.0:8080 to intentionally expose it.
+var httpAddr = flag.String("http", "localhost:8080", "HTTP address to listen on")
 
 // JWTClaims represents the claims in our JWT tokens.
 // In a real application, you would include additional claims like issuer, audience, etc.
diff --git a/scripts/server-conformance.sh b/scripts/server-conformance.sh
index 0826086a..f31d8df2 100755
--- a/scripts/server-conformance.sh
+++ b/scripts/server-conformance.sh
@@ -70,8 +70,8 @@ fi
 go build -o "$WORKDIR/conformance-server" ./conformance/everything-server
 
 # Start the server in the background
-echo "Starting conformance server on port $PORT..."
-"$WORKDIR/conformance-server" -http=":$PORT" &
+echo "Starting conformance server on localhost:$PORT..."
+"$WORKDIR/conformance-server" -http="localhost:$PORT" &
 SERVER_PID=$!
 
 echo "Server pid is $SERVER_PID"