Everything in XAMPP is done through the browser or the XAMPP control panel. You can change settings with a text editor but that's rarely needed.
I don't worry about the security of XAMPP too much because it's inside the network. It's just important to know that it's not designed to be used as a production server. I haven't changed anything since I first set it up.
Once you have XAMPP running you can just treat it like any other web server. The big advantage is that you can use DW to edit pages directly without having to upload to test them.