[removed]

Postgres is normally what people learn coding on. So it makes sense that a learning project wouldn't have that much security.

I presume the ones that are secure are completely blocked at the network level. They wouldn't be counting these because they won't see them.

Exactly, that is what firewalls are for. Postgres is as secure as any other RDBMS and I say this as a database specialist who has worked cross platform for over 30 years.

I'm pretty sure the chart would look the same for, say, MySQL or any other free DB.

People that care about security won't expose the db to the internet, so you find mostly newbies.

You probably won't find many non-free DBs simply because people don't spend money on that for hobby projects when there are free alternatives.

Exposing your database to connections from the open internet is already a pretty bad signal, SSL or not.

Probably are missing from the study all the postgresql servers with sensible security around them, that may or not be using SSL, but in a lot of cases it may not matter.

[removed]