Only superuser can define a leakproof function

Not sure what tools you have for said instance. Can’t you just log in to some kind of console, enter psql and grant required privileges to non-superuser account?

I have used custom PostgreSQL’s functions many times and I do not imagine that somebody would prevent me from using so useful API.

If you ask me I understand why someone may not want superuser access for apps, but I don’t see why some privileges shouldn’t be allowed to grant for a desired postgres account … I would not limit your features because somebody blindly follows some security concepts.

At most you could make it configurable and disable some features in specific cases, but it shouldn’t affect everyone. Look that almost nobody knows my phone number. Should we now prevent apps from using phone numbers? In this case how we would do a phone calls? On the other side is me who does not have much phone calls as expected.