There are no scenarios where you would directly access a database securely without a middle man server.
There is (one?) if you define securely in a loose manner. A user with only select privileges on a set number of tables could access a database securely (as in, couldn't compromise the data, not securely as in no one being able to figure out the password), but I'd never recommend it to anyone.
No because if he wants everyone to use the application, then all users should be allowed.
And by securely I really mean without being able to figure out the password to the database by, say, using tcpdump.
You should also encrypt your data, instead of using plain Strings back and forth. The simplest way is to send objects using ObjectOutputStream and ObjectInputStream. Java serialization will handle the "encryption" (aka, the object graph that looks like a bunch of junk).
Hope that helped