Localhost access

In lecture m103 Basic Security part two it mentions that the localhost exception closes after We create our 1rst user, now, in the previous exercises, I am able to log into the database using localhost after the 1st user is created. my question is:

1 - Is this the default behavior because of security: authorization: enable has not been explicitly set in our configuration file?

2 - Does this means that someone with ip and port information can connect to the server but not have access to any database, or do you need to be authenticated to connect and access the server/database at the same time?

It get from the lecture that connection to the server is isolated from connections to databases. Connections to servers are secured by IP and port restrictions while Databases are secured by Users accounts or other types of authentication.