You’re absolutely right, however since it’s the hotspot from my phone I don’t really care too much.
Ideally I would use age to encrypt the password or file but I don’t had more time to extend it.
And right again, I just have used .local for years and so far have been to lazy to change it.
Thank you for the suggestion of .lan, I wasn’t sure what I should pick instead.