What use would a privacy browser, such as Firefox Focus for iPhone, have for an internal web server?
One thing Firefox Focus uses this embedded web server for is to detect whether Safari Content Blocking rules were successfully enabled. It seems from this answer and the Focus source code that iOS 10 provides an API for determining whether a Safari Content Blocking extension is enabled, but that in iOS 9 there wasn't such an API. Instead, it was necessary to actually try making a request to detect whether that request was blocked; if blocked, you then assume the blocker is working. I'm guessing that a decision was made to spin up a local web server as the target for the blocker detection test so as not to rely on a remote service, which would have introduced reliability and privacy issues.
Not sure whether Firefox Focus actually does this, but some mobile adblockers have a built-in internal web server which answers requests by serving empty content (zero byte text files, 1x1 GIFs, etc). The adblocker redirects blocked requests to this internal server. This generally results in rendered web pages showing nothing instead of the ad, whereas without the internal web server an error message might appear instead of the ad.