Side note. Most of the complaints here (data-level performance, security) can be addressed by the Bubbler picking up SQL, learning how to model a conventional DB, standing up a custom remote DB node (which honestly is two clicks nowadays in DigitalOcean, Aiven, etc) and utilizing Bubble’s SQL connector component for ALL data bindings. (All CRUD app-wide). This also has the benefit of getting the Bubbler used to how a native-code app would have to be built down the line, should the app become highly successful.
It’s not a golden-egg solution though, as Bubble does not cache the DB conns. Which means the handshake has to be re-established on every call (at a cost of about 400ms). But if you’re doing complex queries that can take mintues on Bubble, I think one may find the benefit far outweighs the cost. There’s also more complex workarounds, such as bundling CRUD into single DB in/out functions, to minimize that handshake cost. It takes about 2-2.5x longer to build a Bubble app this route, and you’ll lose the convenient immutable naming Bubble provides with it’s internal DB, but is much more resilient performance-wise.