That's a wonderful point! While it would be extremely odd to copy-paste a Postgres database's files by accident or in an insecure way, their location on the file system (as well as the network connection to the server instance) will often be known by a bad actor because it's rare to change those. In that way, SQLite can be much more secure, because I might not know where in the app's binary the database lives.

I added a whole paragraph to that section with a shoutout to you. Thanks again!