Hat
Localhost is "local" only. Not even wifi or ethernet.
Depending on the ftp server app, you can serve the files either on the localhost loopback address (127.0.0.1) or on all network interfaces (0.0.0.0), which would expose the files to wifi, ethernet, VPN tunnels, or cellular networks. *Although the VPN app/provider and cellular networks may not allow such traffic.
I chose primitiveftp precisely because serving on localhost is safe from other networks. Only a local app can connect to that listening port. Of course, I add TLS cert protection from passive sniffing and basic authentication so a rogue app won't see the files either.