[slagfart]

How? Even with the password for this user, you could still only gain access to the read-only schema.

Something I should have spelled out - the read-only schema has only the data that the charts need (heavily aggregated views). We basically build with the assumption that the schema will be compromised, but only that one schema.

[andrewstuart2]

Without ssl all that data can be observed in transit between your read-only schema and the consuming service. There's very low risk to integrity (i.e. nobody can modify data via read-only methods), but complete list of confidentiality.