This is not an either or scenario. Both test different things and should be written. I don't want to criticize DB since god knows everyone makes stupid mistakes, but this finally convinced me that I will never pay them for their service and that I should encrypt ALL data in that folder (instead of just the sensitive data, which is what I do now).