Filesystem based databases have no real security. Anyone with access to the filesystem can delete or change the entire database or any part of it.
Desktop applications, even with a client-server architecture, often encode credentials in ODBC connection setup, and usually have high privileges inside the database. That means any user can access your data via any other program, such as Microsoft Access or Excel, and view, change or delete sensitive data.
Web-based applications use encrypted transmission of credentials, and have not only database access controls, but middleware access controls a malicious user would have to contend with.