Yes you need your signing key (private key) to invoke transactions. And the signing key should be as close to you as possible and not exposed to somewhere.
Usually it will be included into the business application created and provided to an organization, or issued to users of the organization. The app should be written such that the signing key is prompted and the user can select it from keystore.
This setup in the article is just a demo. ThereforeI placed everything into a “server”.