The thing is, Zoom was not being malicious, and weren’t any exploits hypothetical? That server was a good idea, because it allowed launching Zoom calls without the constant warning popups that Apple injected into the process of launching of a custom URI scheme, which was what it used before and after that era. With the local server it was one click to join. Calling it “a web server” was a scare tactic to get people to think Zoom was serving a site to the public, or hosting your public files.
No, I don’t want Apple to set the precedent that they will delete your whole business if you make an architecture choice they feel is not perfect.
But there was nothing on the Mac stopping Zoom from putting a backdoor web server on Macs.