Yes exactly, you move the responsibility of "who can access your csv files" from the database to your code (that you can deploy to a suitable place, running it on your local computer is usually not the best place if security is a concern).
I think that is an investment in data integration work that you have to do if you want to securely move data into your database.