I hope it is clear that this article just describes a proof of concept. For production, one should think more about the security implications (as, for example, mentioned in the warning for JWT).
Or do you mean special security implications of the overall approach? (architecture-wise)
Yes, migrations are quite a challenging issue. Currently we are using https://github.com/depesz/Versioning for migrations, but I am still searching for a better way to handle migrations in Postgres. Especially updating functions is quite tedious.