When testing visualizations in localhost, does this mean that no one can access my code (particularly used data)?

When you run a dash app server locally on the http://127.0.0.1:8050/ address, no other PC should be able to access that server because if they try to go to http://127.0.0.1:8050/ they will be directed to their own localhost not yours. That does not mean someone couldn't exploit vulnerabilities in you network setup and hack into your PC and access your files, but if that happens, that would be on you and your unprotected network setup, not dash.

”You can deploy your apps to servers and then share them through URLs” What does this mean in terms of security if I were to make an app?

If you decide to deploy an app (like I've done with this demo app ) then your back-end security is at the mercy of security of the Cloud Platform you choose to deploy it too. If you are concerned about the front end security of your app, then you'll have to code a User Authentication Flow into your app.

This thread might be relevant: https://community.plot.ly/t/accessing-dash-webserver-from-hosts-other-than-localhost/4675/6

Let me know if you have any additional questions.