If a hacker gets access to the Database, they cant do much.

But if a hacker gets access to the DB and the backend, the problem remains the same. We’re just moving the problem up the chain.