How do you deal with securing the DBs in this setup? Is it possible to isolate the Compute Engine DB ports to only your App Engine instances, or do they have to be open to the whole world?
App Engine Flexible runs on GCE instances, which all have internal IPs. So you can just firewall off external traffic but allow internal, which is the default anyway.
Global GCE instances within your project, yes. Not every GCE instance everywhere, that would not be very helpful :)
If you wanted to have some instances that couldn't talk to your database, the easiest thing to do is probably throw them in a separate project or create a new subnet that you firewall off and create your non-App Engine instances in that subnet.
Disclosure: Also GCP Developer Relations