I also love CouchDB/PouchDB, but it’s quite clunky to configure the security settings on a per user basis, and many times I want to additionally transform the data before bringing it to the client. I also don’t like to be locked into directly blasting a database with requests (sometimes it’s better to use caching). So for those reasons I keep it behind an API layer.