by qaqy 3937 days ago
There is this annoying thing called security, with such things as trust boundaries etc. So if you are creating a mildly secure web app, the only permission your web app's db user has is to execute a subset of stored procedures, and that is it.
1 comment
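
The permission model described in the comment above, as an added example that is not part of the original thread: the web app's login role can execute one stored procedure and has no rights on the table behind it. PostgreSQL is assumed, and every role, schema, table and function name is hypothetical.

```sql
-- Added example, PostgreSQL assumed. All names are hypothetical and the row is constructed.
-- Run as a superuser in a scratch database.
CREATE ROLE app_owner NOLOGIN;   -- owns the data, never used by the web tier
CREATE ROLE webapp LOGIN;        -- the web app's db user; set its credential out of band
CREATE SCHEMA app AUTHORIZATION app_owner;

SET ROLE app_owner;
CREATE TABLE app.accounts (
    id            bigint PRIMARY KEY,
    display_name  text NOT NULL,
    password_hash text NOT NULL
);
INSERT INTO app.accounts VALUES (1, 'alice', 'constructed-sample-hash');

-- SECURITY DEFINER: the body runs with app_owner's rights, not the caller's.
-- Pinning search_path keeps the caller from substituting objects of its own.
CREATE FUNCTION app.get_display_name(p_id bigint) RETURNS text
    LANGUAGE sql STABLE SECURITY DEFINER
    SET search_path = app, pg_temp
    AS $$ SELECT display_name FROM app.accounts WHERE id = p_id $$;

-- Functions are executable by PUBLIC by default, so revoke before granting.
REVOKE ALL ON FUNCTION app.get_display_name(bigint) FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO webapp;
GRANT EXECUTE ON FUNCTION app.get_display_name(bigint) TO webapp;
RESET ROLE;

-- Exercise the boundary from the web tier's side.
SET ROLE webapp;
-- Granted path: the one procedure the role may execute.
SELECT app.get_display_name(1);
-- Direct table access: webapp holds no privilege on app.accounts, so the server rejects this.
SELECT password_hash FROM app.accounts;
RESET ROLE;
```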

I guess you better let everyone know that their web platform isn't secure unless they are using a SQL database with stored procedures. Which would make PSN, Steam, iCloud, Office365, Gmail, Facebook, Twitter all insecure, right?

Generally, if you have exposed your db credentials, it's because something has gone very wrong, i.e. your entire host has been compromised, in which case stored procedures aren't going to save you.