Well…
- I rarely use row objects on the client side, and I still see a huge value in Anvil. They are far from the most powerful feature.
- Not all use cases require the same level of security. In some cases, a fancy object that magically takes care of stuff works just fine. In other cases, it’s not safe enough, not fast enough, or not something else enough.
As you get familiar with Anvil, you’ll either feel constrained because you’re used to the flexibility of working with HTML, Javascript, SQL, CSS, etc., and stop using it, or you’ll feel free from needing to use HTML, Javascript, SQL, CSS, etc., and keep using it. (Needless to say I belong to the latter group.)
Going back to the original question, where you showed some functions to manage database access similar to the traditional REST way, I showed you that half of those functions can be replaced by the out-of-the-box behavior of the row objects. Your functions didn’t provide any security, just like row objects.
You could even lower the security and give client-side write access to the users table. It would be crazy unsafe for any reasonable use, but could be useful for a small quick-and-dirty app for a few friends, and get an app working with zero server side code!
Or you can disable the client side access (now disabled by default, but if I remember correctly it was not disabled when Anvil was younger!) and never pass row objects to the client.