It very well may be…or the casual attacker that dumps out the loopback, maybe make it harder then that. Or from the misconfigured system that allows people that aren’t root to see the loopback. Or from other programs with escalated privileges that sit on the loopback interface that maybe could be exploited themselves, not for a full system compromise but just enough to sniff the loopback. Or from the firewall/ips vendor that you install on your laptop for some reason accidentally collecting it.

There could be a lot of reasons to try and protect it, certainly better than just dumping it out on the loopback.