I haven't done extensive database logging analysis to determine how Mendix translates entity access rules into SQL for different RDBMS engines... however I can confirm that I have seen similar cases (of performance degradation and enormous SQL queries for entity access) on Postgres databases as well.
In my experience, the main improvements can be gained using the following changes:
The idea to improve security to tie entity access to ‘allow access if you are allowed to access the parent object’ is an interesting one, and should definitely improve maintainability of your model.
Performance-wise however I don’t think it will make much of a difference as the Mendix runtime would still need to know if the user has access to the parent object(s), and I don’t see how this could be done without traversing all the way back. E.g. it should also work in a microflow where you retrieve the deepest level objects using entity access without using the intermediate objects. Imagine a datagrid showing a list of unique products that were ordered by you as a user; this would require a retrieve via orderlines/orders to which the user has access.
Also, very interested to see other’s opinions and experiences :)