I think part of the reason why i don’t care that much, is because i’m looking at it from a software developper’s perspective.
Even without touching the source code, which would require quite a bit of effort simply to familiarize yourself with the codebase, the moment you get full access to the database it becomes ‘trivial’ (as long as you know some SQL) to do absolutely anything with the data.
Also, a somewhat common thing when working with databases is to never truly, permanently delete data, especially when the deletion comes from user-controlled actions. You can’t trust users to not delete data they didn’t want to delete and user accounts can also be compromised. Depending on the data itself, allowing total and permanent deletion can be very harmful and irrecoverable. When you don’t fully delete the data but simply ‘mark it as deleted’, it’s a lot easier to revert such problems. Even with the GDPR and the right to be forgoten, i don’t have any stats on this but i’m pretty sure there’s a lot of sites that simply mark things as deleted instead of a true permanent deletion.
edit: Forgot to mention that since bugs are also a thing, not actually deleting data can save your butt more than once.
I swear i did not come looking for burgers, but they’re damn fine burgers anyway.