Man, there's a type of dev that will just take every shortcut going.
No it is not alright for your web app to have root DB access. Do it properly.
I think this happens because the dev needs to create a MySQL user so they google that, and the how-tos show how to make a superuser account, so that's what they do.
"Much good work is lost for the lack of a little more."
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!