It's a workaround for the OAuth authentication, because firefox for a while wouldn't redirect to http://localhost, so I made it possible to redirect to https instead. It's not necessary to enable it unless it doesn't work without. Enabling it will make the browser show a certificate warning as the certificate automatically generated by Strawberry for localhost is self-signed.
It's safe to use http, and not https for localhost because the traffic always stays on your computer, it's basically your own web browser that connects to strawberry and sends a code used for authentication. The traffic that goes to last.fm is always https independent of this option of course.