Well I wouldn't reach that conclusion, Google would surely have programmers available that could prevent injection attacks, even if they did have SQL servers in their basic search job stream. Its a standard task to accept SQL text in a post and escape the offending characters that could produce an SQL injection.