Writing SQL statements manually is old fashioned and insecure.

Please point out how it's insecure the way it's currently implemented.

This will be addressed in the new implementation of the REST API using sqlalchemy.