Not really. It was an internal application, which greatly reduced the risk. The type of information wouldn't be very useful to an attacker. The main problem is that there are developers and business people who also run some SQL and use the system. If they accidentally paste SQL into a search box, it will execute. They could drop tables or anything, even in PRD. If someone were disgruntled or an attacker gained access they could intentionally wipeout the database.