I don't know how secure the database itself would be when exposed to the internet. I suppose in theory it could be hardened, but theres a lot of surface area you have to understand. I'd lean towards a web server myself, as this lets you tightly restrict what you're going to let clients do. For encryption, I know the labview http client supports tls, and it looks like mysql does too, if configured. From labview you'd have to use the odbc/activex connector, since labview doesn't have built-in tls support (just the http client). Https is almost certainly more firewall friendly.