Well, default setting is not very secured. Try to set Trusted Domains in Advanced Settings.
You may optionally specify a list of trusted domains (one per line) that are allowed to connect to your Disqus comments embed. Specify one domain per line. The domain will include all subdomains below it, e.g. blog.disqus.com will include that domain, as well as foo.blog.disqus.com and bar.blog.disqus.com.
Update:
localhost
is always enabled, see comments and @kuldeep.kamboj findings