So afterwards we have come to a better implementation / idea.
In Home Assistant there should be the possibility to restrict user access, especially the admin access.
For example: If you want to access Home Assistant via remote like Nabu Casa or with portforwarding, you should have the possibility to deactivate certain users (like the admin account)
This would allow different permissions, from the local network e.g. all users, and from remote only user X
So it would only be possible to access the GUI, which would be an increased security advantage.