I asked a question today about dynamically changing a php config file for connecting to MySQL, and it was obvious it's a bad idea. But after searching the Play Store I found a MySQL client app where you can add connections after inputting the host,database, username and password, which makes me wonder how that app works. Does it not send a POST request with the database information to create a config file with whatever server side language they're using? If it does that then does that mean the app is not very secure? Or is it using another way to connect to the database?