As proposed here which is continuing on from w3ctag/design-principles#75:

It should be possible for people to create devices that are located on home networks that use modern browser features. One example is watching videos from a local NAS in fullscreen; another is home automation that wants access to bluetooth devices. These devices should not need to be connected to the internet; and infact from a network security perspective, it's better if they aren't!

One idea I've had is that things in the private ip space (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fd00::/8; possibly also including 127.0.0.0/8 and ::1 for local development purposes) should be considered "secure contexts" for use of web APIs.