when we use Entity Framework and iqueryable, if the iqueryable object is exposed to the outside applications , we can get the context and the user may take the advantage of the connection and Entity Framework object or can do the operations that we can have permissions on the database.