DB Encryption

Hello,

So I've run across a possible security hole and want to get some input. I've noticed that it is possible to alter the html pages and rhoconfig.txt file in a Javascript application in a deployed application. The problem that this creates is that even though we could lock down a directory so that a user cannot alter the files they could potentially create a new app with our data models and gain access to the information that should be encrypted.

Without knowing exactly how the encryption works maybe I didn't test this theory in the best way and if so hopefully someone can assure us this case can't happen. Here is what I did. I ran our app on my development PC and downloaded a bunch of customer info to our application. I then tried to open the files and received a message saying that the db file was not a sqlite 3 file format and it couldn't be opened. Great that's what we expect. However, I built an older version of our application that is sitting as an entirely different project and installed it on a remote device. I then copied the db containing customer info on to said device and tried opening up the application. Sure enough I was able to see all the customer info but still couldn't open the sqlite file through the file system. The only thing that might be questionable is that the old application is very close to our current one but I figured that they were both built from separate projects so that should suffice. Should this be possible?

edit: I decided to just be sure that if I created another application with just the data models that I would produce the same results and I have.

Thanks

Chris