The only "downside" is that the format is an open spec, which allows anyone to modify the contents without going through the specific application. And it's only a downside if you are using the format as an obfuscation to prevent third-party compatibility/reverse engineering, or to lock in customers.

Yup. You can strip headers from the file though and keep them in your application though, to keep the file from being easily usable. And/or encrypt it.

SQLCipher + a hard-coded or generated key in your app.