All software has bugs and security holes, MySQL has bugs and security holes.

Using SSL is up to the person deploying the web app so it's not the fault of the web app. MySQL doesn't have to run over SSL.

(Using MySQL just as an example, MSSQL, Oracle, PostgreSQL will have the same issues albeit not all the same and each having their own)

I find it very useful to be able to run a query on my database anywhere I am and I use phpMyAdmin. It may not be the most secure but when you need something to have access anywhere it outweighs the security issues.