The active account should not even be a DBO in the database(s) it uses. I recommend creating at least two db roles, one for general users and one for administrative access. Each role should only have permission to execute the stored procedures relevant to the role.

This might be a little off-topic but is security ever off-topic?