in reply to Where to get this kindof advice.
IMHO, enable the non-SSL connection or other 'features', but exactly (and unarguably?) inform the customer representative (and/or your authority) about the security impact.
And what about the main authority... Remember the Decalogue... You will have only one authority. I think that the filesystem will be the better choice, and, in this case, think of the DB as a cache. Or, if you choose the DB as the authority, think of the filesystem as a backup layer or mirror. The point is where updates could be done.