Since we are discussing locking down our defaults is revoking the global
function execution privilege granted to PUBLIC - instead limiting it to
just the pg_catalog schema - on the table?
I'm not sure how strongly I feel toward the proposal but it does come up on
these lists; and the fact that it doesn't distinguish between security
definer and security invoker is a trap for the unaware.
David J.