Preparation

It is recommended that you create a new user account and use it to run the server. This lets you limit the server's access to restricted files and programs. You should not run the server using a root or administrator account, as this will typically give the program (and, depending on your security configuration, all user scripts) full access to the machine.

If your server is running on an intranet, then you can use the default http: protocol. User names and passwords are sent to the server using HTTP Basic Authentication, which is obfuscated, but not encrypted. It is possible, using packet-snooping tools, to extract the user name and password from this data stream. On an intranet, these packets will not be accessible outside your network. However, when running over the Internet, these packets will be visible to external programs. Therefore, if your server is running on the Internet, you should consider switching to the https: protocol (secure mode), which will encrypt all data, including the HTTP Basic Authentication user name and password. See the section called “Secure Mode” for details on how to configure secure mode.