I just want to say that I spent a long time re-reading your comment to understand your criticism before I saw that you're actually complimenting this idea, lol. I think that's a great way to highlight the strength of this approach: adding access control to such an app is about as easy as adding it to a simple DB.