Make remote access default, or at least highlight this config option better in docs #1270

Open
poisonborz opened this issue Nov 6, 2022 · 2 comments


@poisonborz

Documentation says "Open http://localhost:5232/ in your browser!", from which one could guess the server is reachable from the network. Only further down does it say "The default configuration binds the server to localhost. It can't be reached from other computers." I would guess most users nowadays are running Radicale not on their desktops, but in some dedicated server environment. Therefore making the host 0.0.0.0 would be more ideal, but at least this should be mentioned right up in the "Simple 5-minute setup" section of the documentation.

@pbiering
Collaborator

pbiering commented Nov 6, 2022

Listening on localhost is "security-by-design" of default configurations. Anybody who wants to expose a service to the Internet should be able to manually change this (and also check ACL, local firewall and user authentication setup in advance)...

...btw. there can also be a very valid reason to keep Radicale listening on localhost and put a reverse proxy in front of it, e.g. to hand off the user authentication and reduce the attack vector.

@fiwswe

fiwswe commented Nov 6, 2022

> from which one could guess the server is reachable from the network

No! The DNS hostname localhost implies reachability from the local host only. This is not specific to Radicale and if your expectations are different, you need to adjust them to reality.

If you think of the name localhost as equivalent to 127.0.0.1 (IPv4), or potentially ::1 (IPv6), which it resolves to, it becomes obvious that these IP addresses are not reachable from outside the machine.
See Wikipedia and RFC 2606 for more info.

If your client is on the same host as Radicale then the default configuration can be used.

As for why localhost and not 0.0.0.0 by default: I agree with @pbiering. That is secure design.
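
The bind-address distinction discussed in this thread, as an added example that is not part of the issue or Radicale's own code: a small audit of the `[server]` `hosts` setting that reports whether each entry is loopback-only or listens on all interfaces. The sample configs are constructed, and treating the name `localhost` as loopback without resolving it is an assumption.

```python
import configparser
import ipaddress

# Constructed sample configs (not taken from the issue thread).
DEFAULT_CFG = """
[server]
hosts = localhost:5232
"""
EXPOSED_CFG = """
[server]
hosts = 0.0.0.0:5232, [::]:5232
"""

def split_host_port(entry):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    entry = entry.strip()
    if entry.startswith("["):
        host, _, rest = entry[1:].partition("]")
        return host, int(rest.lstrip(":"))
    host, _, port = entry.rpartition(":")
    return host, int(port)

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific-address'."""
    if host.lower() == "localhost":  # assumption: not resolved, taken as loopback
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific-address"  # some other hostname: resolve and check by hand
    if ip.is_loopback:          # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.is_unspecified:       # 0.0.0.0 or ::, i.e. every interface
        return "all-interfaces"
    return "specific-address"

def audit(config_text):
    """Return [(host, port, classification)] for each [server] hosts entry."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    # Fallback mirrors the default the thread describes (localhost, port 5232).
    hosts = cp.get("server", "hosts", fallback="localhost:5232")
    return [(h, p, classify(h)) for h, p in map(split_host_port, hosts.split(","))]

def reachable_from_network(config_text):
    """True if any listener is bound to something other than loopback."""
    return any(kind != "loopback" for _, _, kind in audit(config_text))
```

A `True` result from `reachable_from_network` is the point at which the ACL, local firewall and user authentication checks mentioned above apply.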
