When having a very sensitive information, it would be best if there is a role that will only able to execute registered UDFs, so when the client has been compromised (by malware) the server still able to validate every query or update. It would also make the user able to define a schema if they want to.
Thanks for your feedback. We definitely have further enhancements to our security features in the pipeline.