PostgreSQL RLS is the security equivalent of moving invariants into the compiler. Instead of hoping every API endpoint remembers to add WHERE tenant_id = ?, the database proves it on every query. Fewer places to make mistakes. Smaller attack surface. Better security model.