Local user do have access to login using the browser. The difference is that local user is not allowed to consume published web services. Whereas a web service user is able to authenticate and use those services. Local user is limited to accessing the app in browser.
I think you are confusing it with anonymous role users which are used to prevent unauthorized access to your app.
Here is a documentation link that may help you
Try it out. Run one of your apps locally, create a new local user. Then in your db-tool (pgadmin or the hsql-db manager) set that flag to false and see what happens. You will probably no longer be able to log in.