It is not uncommon for an application to have a table with more than 100k records. It is also not uncommon for a user to need full read access to such a table.
Any Mendix application where this is the case has a major vulnerability, where the cloud environment can be taken down by using a simple xpath retrieve of the full table.
Even though you can reduce a lot of the risk by not making anonymous users able to do this, for some applications this can still be considered a significant security risk.
Not only is it very easy to do this, as all information is publicly available, also in case someone actually attacks an environment like this it will not show up in the logs either.