This sounds all too like the project I am collaborating on. It will be moderately big data (a few terabytes at most). The guys developing it just now are on their third NoSQL database - Elasticsearch.
Them: "Look at how fast it is"
Me: "You only have 3GB of data in it"
Them: "Its so fast to develop, just connect Angular straight to Elasticsearch"
Me: "Absolutely no concern given to security"
Them: "The previous project used an SQL database and ended up having so many table"
I've seen this theme way too much recently- developers giving preference to their own convenience over the security of their application, or, even worse, their confidential data. Every time, however, it was due to incompetance; they didn't know what they were doing wrong.
Frameworks like Meteor.js encourage bad habits like this. Quoting straight from their homepage[1], "All the same APIs are available on the client and the server — including database APIs! — so the same code can easily run in either environment."
Running arbitrary database queries from the client cannot possibly be a good idea.
Them: "Look at how fast it is"
Me: "You only have 3GB of data in it"
Them: "Its so fast to develop, just connect Angular straight to Elasticsearch"
Me: "Absolutely no concern given to security"
Them: "The previous project used an SQL database and ended up having so many table"
Me: "So it was probably properly designed"