some featured request

now you need to explain to the client how to access the wp-config.php file in order to find the database details
client struggles to do this and gets frustrated
you end up doing this yourself, and giving the phpmyadmin login details to client

Use the panel's username and password when prompted after clicking the phpMyAdmin link.

How is the user accessing the phpMyAdmin link?

Are they going to http://somelinktoyourserver.tld:2222 or the like?

There's a form there for a username and a password.

What are they entering here? (That's a rhetorical question... don't actually answer that question here)

Now they are going to Account Manager -> MySQL Management -> phpMyAdmin

What happens if you put the exact same username and password you just entered when you were at http://somelinktoyourserver.tld:2222 ? The user doesn't know that username and password? Then how did they get into their panel?
 
The user doesn't know that username and password? Then how did they get into their panel?

WHMCS > Services > My Services > ACTIVE > Login to cpanel / directadmin

we encourage all our clients to login through their WHMCS client area
 
You might be right, but we can't know if that is the case unless you provide us with arguments for it.
I have to re-iterate that while I don't agree with the design choice as it relates to phpMyAdmin's placement, I do fully understand that that's just the way it is. It's really not proper for me to plead, beg, or demand that DirectAdmin change their policy on this. People have used phpMyAdmin this way on DirectAdmin for a long time, so it's up to me to get used to the way DirectAdmin does this, not the other way around. And to be perfectly honest this is not a paramount issue for me, more like a nagging itch in the middle of my back that I just can't scratch - I don't particularly like it, but I'll deal with it.

But since you asked...

Well... phpMyAdmin has been known to have several security vulnerabilities in the past. Now I'm not suggesting that they didn't patch those issues quickly or that they are known to have security issues right now. And DirectAdmin does hide phpMyAdmin behind a login screen - so perhaps even that concern is less of a concern. Still the added comfort knowing that someone has to have panel access before they can even access phpMyAdmin offers another layer of security.

It's also been my experience - and I'm sure there are others that differ here - that pretty much anyone that needs access to phpMyAdmin, is someone that already has panel access or needs panel access. I'll admit that there may be times when being able to access phpMyAdmin as a non-panel user might be nice. But at what percentage does it prove to be beneficial to have (a DirectAdmin sanctioned) phpMyAdmin outside of the back-end? When 10% of non-panel users need access to it? 5%? 1%? Less than 1%?

Thirdly, it's more my belief that a control panel should be self-contained. What does that mean? While I don't have a problem with DirectAdmin and other control panels (because they all do it) integrating Apache/nginx/Dovecot/Exim/PureFTPd/etc into their offerings, to me, the core of DirectAdmin is the stuff that is behind port 2222 and the API that essentially integrates with these front-end applications. If I want to operate Lighttpd as my web server, I should be able to install it on my server and through a series of hooks and API functions be able to create an account from the DirectAdmin reseller panel and push out a Lighttpd VirtualHost entry. I don't consider it DirectAdmin's duty to provide Lighttpd functionality - because from this perspective, DirectAdmin is self-contained and providing an interface to create an account with a hook and API system on the backend that allows me to do with that information as I please (and for what it's worth... DirectAdmin does a great job of providing this).

Now if I'm using Lighttpd and one of my users logs into their DirectAdmin panel... if they navigate to the phpMyAdmin section, if I don't have phpMyAdmin set up and configured within Lighttpd... my users are going to be out of luck. But if phpMyAdmin was provided on the back-end... my users would still have phpMyAdmin access. If the links within the DirectAdmin panel depend on functionality outside of the web service running on port 2222, then it's not self-contained, because it's depending on functionality not core to the panel itself.

(I do somewhat give webmail a pass here, although if you're speaking in a strict sense it would definitely fit in with phpMyAdmin in this argument. The difference is that while 10% - which I believe to be really high - of non-panel users might need access to phpMyAdmin, as much as 80 or 90% of webmail users are probably non-panel users)

Fourthly, as it relates to a small percentage of non-panel users needing access to phpMyAdmin... phpMyAdmin is not a super secret piece of software. Anybody can install it. It's included in Softaculous. Anybody can install it. And they can install it to handle specific databases. A self-contained DirectAdmin sanctioned phpMyAdmin is not going to prevent web hosting users from manually installing phpMyAdmin on their website for the world to see if they really must have it. So if you do have a need for a non-panel user to have access to phpMyAdmin... that is always an option for you. So if the only argument for putting this DirectAdmin sanctioned phpMyAdmin on the front-end level is so non-panel users can access it... that web hosting account manually installing phpMyAdmin is always, always an option for them.
 
WHMCS > Services > My Services > ACTIVE > Login to cpanel / directadmin

we encourage all our clients to login through their WHMCS client area

Yea... see... that's not good.

What happens if your WHMCS is ever compromised? Whoever compromises it then has access to all of your web hosting users' data because they have access to their panel logins.

"Automatic" logins from WHMCS aren't magic. It's because the information to access that area is stored within WHMCS.

And this goes back further to my argument that users believe it is no longer their responsibility to know their own username and passwords.

And we wonder why so many account compromises happen.
 
Yea... see... that's not good.

What happens if your WHMCS is ever compromised? Whoever compromises it then has access to all of your web hosting users' data because they have access to their panel logins.

What happens if your DA server is ever compromised? Whoever compromises it then has access to all of your web hosting users' data because they have access to their panel logins.

You see things differently to me. I have thousands of clients, hosting many thousands of domains on very many servers. I've been doing this for 15 years, and know what works best for **my** clients.

It might not work for you or your clients, but I know what works for us. And in my testing phase of DA, auto-login to webmail and phpMyAdmin is a very big stumbling block.
 
But since you asked...
Yes I did, because it's not nagging if somebody requests (not demands) for a change with good arguments.
The security argument is known but could weigh up against the ease of reaching phpMyAdmin; it's one of the pros and cons.

However, you gave some other interesting argument about lightspeed. Also I can agree with the other argumentations.

And to be perfectly honest this is not a paramount issue for me, more like a nagging itch in the middle of my back that I just can't scratch - I don't particularly like it, but I'll deal with it.
Correct, but if nobody would request a change by posting some ideas about improvement for example, there would be little improvement. It's not said it will be done, but it can never hurt to ask.
Imho you have some good arguments.
If you would create a feature request for it, I would support it. And that way we would be rid of the sometimes security issue of phpmyadmin too. I could very well live with that (and I think others too) because normally people don't need to use phpmyadmin that often.
So I think it's a good idea to remove it from direct access.
 