This allows someone who give a ngrok authtoken to gain remote access to your IoT Box, and thus your entire local network. Only enable this for someone you trust.