Update docs/specification/draft/basic/security_best_practices.mdx

Co-authored-by: Paul Carleton <[email protected]>

Author: localden

docs/specification/draft/basic/security_best_practices.mdx

@@ -282,3 +282,9 @@ The MCP client **SHOULD** implement additional checks and guardrails to mitigate
 - Launch MCP servers with restricted access to the file system, network, and other system resources
 - Provide mechanisms for users to explicitly grant additional privileges (e.g., specific directory access, network access) when needed
 - Use platform-appropriate sandboxing technologies (containers, chroot, application sandboxes, etc.)
+
+MCP servers intending for their servers to be run locally **SHOULD** implement measures to prevent unauthorized usage from malicious processes:
+- Use the `stdio` transport to limit access to just the MCP client
+- Restrict access if using an HTTP transport, such as:
+  - Require an authorization token
+  - Use unix domain sockets or other Interprocess Communication (IPC) mechanisms with restricted access