Hacker News

array_key_first · today at 3:24 AM · 1 reply

Row level security is absolutely fine.

Most companies, or at least the ones I've worked at, don't use row level security at all. Instead, the application just accesses the multi tenant database.

It's absolutely littered with broken access control vulnerabilities. You have to remember to put the user key and group in every query across the entire application. And then there's dynamic queries and ORMs, which make everything worse. Now you can't even audit the source code, you have to observe behavior.

Most people don't know their applications have these vulnerabilities, but they're very common.
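The contrast the comment draws (a tenant filter that every query must remember, versus a filter the database enforces) as a PostgreSQL row level security example. This is added illustration, not code from the thread or from anyone in it; the table, role and setting names (documents, app_user, app.tenant_id) are made up, and the script assumes it is run by a superuser or the table owner who is a member of app_user.

```sql
-- Added example (not from the HN thread): PostgreSQL row level security for
-- a multi-tenant table. All names here are hypothetical.

CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    tenant_id  integer NOT NULL,
    owner_id   integer NOT NULL,
    title      text    NOT NULL
);

-- Constructed sample rows for two tenants.
INSERT INTO documents (tenant_id, owner_id, title) VALUES
    (1, 10, 'tenant 1 roadmap'),
    (2, 20, 'tenant 2 payroll');

-- The pattern the comment describes: application code is expected to add the
-- tenant filter to every query by hand ...
--   SELECT title FROM documents WHERE tenant_id = $1 AND id = $2;
-- ... and a single query that forgets it (or an ORM that builds it without
-- the scope) returns every tenant's rows:
--   SELECT title FROM documents WHERE id = $1;

-- Enforce the filter in the database instead.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;
GRANT USAGE, SELECT ON SEQUENCE documents_id_seq TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner bypasses the policy; keep it on.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- The tenant comes from a session setting the application sets per request
-- after authenticating, never from user-controlled query text.
-- current_setting() raises an error if the setting was never set, so a
-- request that forgets to set the tenant fails closed rather than open.
CREATE POLICY tenant_isolation ON documents
    FOR ALL
    TO app_user
    USING      (tenant_id = current_setting('app.tenant_id')::integer)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::integer);

-- Per request, on the application's connection. Doing it inside a
-- transaction with set_config(..., true) makes the setting transaction-local,
-- so it cannot leak into the next request on a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '1', true);

-- The "forgotten filter" query is now harmless: row id 2 belongs to
-- tenant 2 and is invisible from this session, so this returns 0 rows.
SELECT title FROM documents WHERE id = 2;

-- Writes are checked too: this INSERT is rejected with
-- "new row violates row-level security policy for table documents",
-- which aborts the transaction, hence the ROLLBACK.
INSERT INTO documents (tenant_id, owner_id, title) VALUES (2, 10, 'smuggled');
ROLLBACK;
```

Two caveats a practitioner would check. First, SET ROLE is not a security boundary against the application itself: if the connection's login role can SET ROLE app_user, it can also RESET ROLE, so the application should connect as a role the policy applies to and use the session setting only to select the tenant. Second, superusers and roles with BYPASSRLS ignore policies entirely, so migrations and admin tooling need their own review; RLS closes the "one query forgot the WHERE clause" hole, not the "the wrong account ran the query" one.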


Replies

staticassertion · today at 3:36 AM

I have never suggested that there's something wrong with RLS nor that RLS and an application should be mutually exclusive, as I've pointed out multiple times now.
