You cannot necessarily guarantee that a webserver is available to localhost, so it is safer to just implement a standard HTTP request. This will normally land on the current server eventually anyway, although when there is a reverse proxy (Cloudflare, as an example) or other more advanced configuration, the request will end up bouncing around a bit.
As for why it makes a connection at all, this allows the current thread to complete a user’s request promptly, while a non-blocking call to wp-cron.php can take as long as it likes in the background without hurting anything.
Unless you have a compelling reason, I’d probably suggest not doing anything, as there is little harm in leaving this open. If you’re confident that you’ll remember to update it when your webserver’s IP changes (maybe not any time soon, but you might change hosts in 19 months; will you think of this?), you could use Cloudflare’s firewall or an Access rule to control access to the specific request. You could also configure your local web server to only allow the request if Cloudflare passes your web server as the originating IP for the request.
Even better, set up one of the alternate cron options (e.g. run the PHP locally or via localhost yourself) and then you can block external access completely.
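
The two web-server options described above, as an added example that is not part of the original post. It assumes nginx with the realip module and PHP-FPM; the host name, IP addresses, document root and socket path are placeholders.

```nginx
# Constructed example: every address and path below is a placeholder.

# Trust the client-IP header only when the connection comes from the proxy.
# Placeholder range: replace with the proxy's published address ranges.
set_real_ip_from 198.51.100.0/24;
real_ip_header   CF-Connecting-IP;

server {
    listen 80;
    server_name example.com;
    root /var/www/html;

    # Option A: WordPress still triggers wp-cron.php over HTTP.
    # Allow the request only when the originating IP is this server.
    # 203.0.113.10 stands in for the server's public address and must
    # be updated whenever that address changes (e.g. on a host move).
    location = /wp-cron.php {
        allow 127.0.0.1;
        allow 203.0.113.10;
        deny  all;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # Option B: cron runs locally, so nothing external needs the URL.
    #   wp-config.php:  define('DISABLE_WP_CRON', true);
    #   crontab:        */5 * * * * cd /var/www/html && php wp-cron.php
    # Then replace the location block above with:
    #   location = /wp-cron.php { deny all; }
}
```

Because the realip module rewrites the client address before the access checks run, the `allow` and `deny` lines in Option A are evaluated against the originating IP passed by the proxy, not the proxy's own address.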