I don’t think there’s an easy way of only allowing the Local process to edit that file with the way that Local is currently built, but I also don’t think it’s as big of a security issue under Linux.
To recap what Local is doing specifically – when you create a new site, Local will prompt for your system’s password. This is basically Local running sudo in order to edit that hosts file and add the appropriate domains for the new site.
Since this is in the context of Linux, the user roles and permissions are in a much better place than for something like Windows where you typically are locking down everything with a third party application like an Antivirus.
Because this is Linux, usually, the hosts file is owned by root, and has read/write permissions set only for the owner, and then just regular read permissions for group and everyone else.
For example, here’s what my hosts file permissions look like under my Ubuntu 20.04 box:
ls -alh /etc/hosts
-rw-r--r-- 1 root root 993 Apr 8 10:13 /etc/hosts
I suppose it might be slightly more secure to have the hosts file be read-only even for root, but on the other hand, if the system has been compromised such that another user is able to edit a root-owned file, then you probably have bigger problems to worry about than accessing the incorrect IP address for a given domain.