I would not mind a login for the webui. Was kinda wondering why it does not have one.
So many of the things i have on my LAN do have a login, NextCloud, qBitorrent, HomeBridge, Ubiquiti Unifi, my ER router, etc... the only things that do not have any form of login to their webUI is the HDHR and the 2x RPi's CHDVR servers.
From a security standpoint, yes, I agree, should someone gain access to your network, having a secure login to a local LAN devices webGUI would be desired and may prevent, or slow down, their ability to mess with that specific device.
To prevent unwanted access to these devices WebUi, as it stands, since CHDVR devs can not do anything about the HDHR webGUI, the only true option if for you to have your network segregated in some fashion. This can be accomplished in multiple ways. VLANS, having the HDHR, server, and main client devices on their own VLAN, and other traffic on another. Separate DHCP server/subnet can also accomplish this. You can also setup ACL's and block acces to the server, from specific devices, specifying the webgui port. This functions require a more advanced router and basic knowledge of networking. The average person however, could try putting their kids or other users on Guest wifi/network, can be set with restrictions to accessing other devices.