Be careful with XAMPP as it does have NO security to speak of, by default. If your PC is connected to the internet, so is your "private" blog.
I don't think a web server is *that* much less secure than your PC. Your web server may be more vulnerable than mine, but I have a dedicated server that I control everything on, and no one else has root access.
Here's what I did for my private journal:
1. Add Basic Auth security for apache to .htaccess:
2. Create a password for authusers:
htpasswd -c /etc/httpd/authusers myloginname
3. Turned off pinging in WordPress
4. Added a robots.txt to prevent accidental Google caching:
5. Make sure phpMyAdmin or similar tools are also locked down (general security practice).
Things I should also do:
Add a cache expiry to WordPress so nothing gets cached locally (on my PC).
Disclaimer: Your mileage may vary. I do not warrant these steps to secure your blog. If a divorce or other financial action is hanging on your thoughts, keep them in your head; don't write them down. Everything you type is subject to disclosure. Everything you write is subject to disclosure. If you don't want your grandma to read your words to the police (or vice versa), don't write them down. Pretend I never wrote this. In fact, I wish I could unwrite it. Caveat emptor.