If you restrict access from remote hosts to your usernames and passwords then someone won't be able to access the database externally.

You could also configure your firewall to only allow traffic to 3306 (MySQL Default Port) from the localhost machine.

Update

To set up your user so they can only access through LOCALHOST use:

GRANT ALL PRIVILEGES ON *.* TO db_user@'localhost' IDENTIFIED BY 'db_passwd';
GRANT ALL PRIVILEGES ON *.* TO db_user@'127.0.0.1' IDENTIFIED BY 'db_passwd';

Also, bind your MySQL server to the local address. You can do this by editing the [mysqld] section of my.cnf:

[mysqld]
bind-address = 127.0.0.1
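
A way to check both settings described above, as an added example that is not part of the original answer: it audits the [mysqld] section of a my.cnf for a non-loopback bind-address and flags accounts whose host part allows remote logins. The function names, the sample config and the sample account list are constructed for illustration; only the single file's text is read, included files are not followed.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def mysqld_options(cnf_text):
    """Return the [mysqld] options of a my.cnf text, with '_' normalised to '-'."""
    # configparser cannot parse '!include' / '!includedir' directives, so drop them.
    lines = [l.strip() for l in cnf_text.splitlines() if not l.strip().startswith("!")]
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string("\n".join(lines))
    if not parser.has_section("mysqld"):
        return {}
    # MySQL treats bind_address and bind-address as the same option.
    return {k.replace("_", "-"): v for k, v in parser.items("mysqld")}

def audit_bind(cnf_text):
    """Return findings about which interfaces the server listens on."""
    opts = mysqld_options(cnf_text)
    if "skip-networking" in opts:  # TCP/IP listening is disabled entirely
        return []
    addr = opts.get("bind-address")
    if addr is None:
        return ["bind-address not set: server listens on all interfaces by default"]
    # Newer MySQL versions accept a comma-separated list of addresses.
    exposed = [a.strip() for a in addr.split(",") if a.strip() not in LOOPBACK]
    return [f"bind-address exposes non-loopback address {a}" for a in exposed]

def audit_accounts(accounts):
    """accounts: (user, host) pairs, e.g. the rows of SELECT user, host FROM mysql.user."""
    return [f"account {u}@{h} can log in from remote hosts"
            for u, h in accounts if h.lower() not in LOOPBACK]

# Constructed sample input, not taken from a real server.
SAMPLE_CNF = """
[client]
port = 3306
[mysqld]
# constructed sample
bind_address = 0.0.0.0
!includedir /etc/mysql/conf.d/
"""
SAMPLE_ACCOUNTS = [("db_user", "localhost"), ("db_user", "127.0.0.1"), ("db_user", "%")]

if __name__ == "__main__":
    for finding in audit_bind(SAMPLE_CNF) + audit_accounts(SAMPLE_ACCOUNTS):
        print(finding)
```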