There are layers of understanding about security and people assume they are doing best as per their knowledge.

Databases (SQL) have concept of views, restricted access going all the way to column level.

Connections can be restricted from firewall itself.

One can have MTLS connections with database on the top of it to beef up security.

Unfortunately the generation of people who knew and did all this is just considered friction and has been made obsolete.