docs: document cross-window access and unbounded fetchAll

Add Security Considerations section to README covering shared state
across windows, resource limits, unbounded fetchAll, and path
validation. Add @remarks to the Database class and fetchAll() in
TypeScript, and a doc comment to the Rust fetch_all command.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: pmorris-dev

guest-js/index.ts

@@ -757,6 +757,12 @@ class TransactionBuilder implements PromiseLike<WriteQueryResult[]> {
  *
  * The `Database` class serves as the primary interface for
  * communicating with SQLite databases through the plugin.
+ *
+ * @remarks
+ * Database instances are shared across all webviews/windows within the same Tauri
+ * application. A database loaded in one window is accessible from any other window
+ * without calling `load()` again. This means writes from one window are immediately
+ * visible to reads in another, and closing a database affects all windows.
  */
 export default class Database {
    public path: string;
@@ -930,6 +936,11 @@ export default class Database {
     *
     * SQLite uses `$1`, `$2`, etc. for parameter binding.
     *
+    * @remarks
+    * This method returns the entire result set in a single response. For large or
+    * unbounded queries, prefer {@link fetchPage} with keyset pagination to keep memory
+    * usage bounded on both the Rust and TypeScript sides.
+    *
     * @param query - SQL SELECT query
     * @param bindValues - Optional parameter values
     *

src/commands.rs

@@ -290,7 +290,10 @@ pub async fn execute_transaction(
    }
 }
 
-/// Execute a SELECT query returning all matching rows
+/// Execute a SELECT query returning all matching rows.
+///
+/// Returns the entire result set in a single response. For large or unbounded queries,
+/// prefer `fetch_page` with keyset pagination to keep memory usage bounded.
 #[tauri::command]
 pub async fn fetch_all(
    db_instances: State<'_, DbInstances>,