If this cooks down to the question of resources of your server being used.
Keep in mind… even if there was a local authentication mechanism (vs. using plex.tv), your server would have to process requests addressed to it – as pointed out by philipsw… especially if you’re running your server on a public machine.
There’s been a feature suggestion some time ago to only allow access to the bundled version of Plex Web from a local network (e.g. while being on your home network or in your case after connecting to the server locally using e.g. a SSH tunnel or remote desktop session). Given the “server” and “web app” part are running on the same port, that’s nothing you can achieve with your current setup. → [Edit: link to feature suggestion]
Still… somebody would have to trigger some kind of DDOS attack to get into your server’s resources by simply repeatedly requesting to load the web app resources (quite a massive one to compare to the main use case of Plex which is streaming high-bitrate videos). If you’re running your server on a public machine, you might want to consider adding some security to deal with that kind of attacks (most web apps / servers I’m aware of won’t handle that by themselves but require some layer of protection by apps / network management).
