The article was written about an effort using Drupal 4 ... and it turned out to be surprisingly easy due to the structured nature of the Drupal database API. Did you read the stuff??
I stand behind my use of the phrase "non-trivial". The fact that Drupal has a reasonably clean DB communication layer that separates out bind variables to avoid injection attacks was why they didn't give up on the project at the start. I doubt anyone involved in the project would describe the effort as "surprisingly easy".