This is the point where I confess to being confused. I presume I am wrong but it looks like any Firebird database has a "public back door". What stops me taking a copy of SecretDatabase.fdb and connecting to it on my own Firebird installation?

If you have access to Firebird server and to the database file, you can get a copy of IBSurgeon FirstAID (recovery tool) and view data without any password :)

To protect database file in such situation (for example, if you distribute it to the untrusted environment), consider to use encryption - there are ready to use third-party plugins available or you can build your own.

Regards,
Alexey Kovyazin
IBSurgeon

Steve Bailey