DocumentDB on Azure can besides the data hold JavaScript app logic in stored procedures, trigger and user defined functions.
If the app logic is computationally fairly simple (or even if it is not) would it then be a usable solution to have the entire backend in the DocumentDB instance and then have the client apps connecting directly via the DocumentDB REST interface? Or am I missing something in terms of security performance here?
Yes, there are scenarios where you don't need a middle tier and directly perform queries from your javascript client to the DocumentDB.
However, you don't want to expose a Master key to the client, instead you wan't to work with Resource tokens, thus you need a small middle tier service that issue a timebound token.
Also see Securing access to DocumentDB data.