The strongest argument for PostgreSQL RLS isn't convenience. It's non-bypassability. An application-layer check can be forgotten. A database-enforced policy applies regardless of which API, service, script, agent, cron job, migration, or developer issued the query.