From
http://tiddlywiki.com/#ServerCommand , you need to give a command that will let other devices see your app, like
--server 8080 $:/core/save/all text/plain text/html "" "" 192.168.0.245
That means you will need to look up the serving machine's local ip number (I'm assuming you're on a local wifi or other router).
You can add a username and password, but per the text this is passed in plain text, so it's not heavy duty security.
I'm not a security expert, but I believe you might be able to tell your local router to block activities on certain ports, so you have some security from the outside world. Of course, this would not prevent other users inside your local network from viewing your "site".
Possibly you could encrypt your TW -- I've never tried this on node.js. You could then examine your individual tid's and verify that they're encrypted.
Good luck,
Mark