I've found that the real reason why there are security holes in systems is because companies have been talked into having them. "Oh... the developers need to have DBO or SA privs in production." "Oh... we have super users that need to be able to see everything." "Oh... it takes too long to write/rollout secure code."
Oh oh oh-oh oh!
--Jeff Moden
Change is inevitable... Change for the better is not.