A backdoor requires malicious intent, otherwise it’s just a vulnerability

The exploit requires physical access. It’s not exploitable in 99% of cases

But is it fast?

PostgreSQL can even run WebAssembly (with an extension)

Every major SQL database supports json manipulation nowadays. I know MariaDB and MySQL and SQLite at least support it natively.

It’s entirely possible to sort and filter inside JSON data in most SQL dialects. You can even add indexes.