Agreed!

I remember having a discussion about 10 years ago with Kent Tegels on the old SQL Junkies website. It was just after Kent had remarked it was up to DBAs to secure their databases better (or something of that nature). I pointed out to him that all the efforts of a DBA were for naught if a developer implements some idiotic code. Time and again (and very recently) bad code has compromised what were probably considered very secure databases. I actually can't think of one breach due to weak database security in the last several years--they've all been SQL Injection or compromised network credentials.

If there's any argument to be made for utilizing stored procedures it's that the query code is in the database, and the review of such is the DBA's responsibility. Most devs don't like the idea of the idea of their code being reviewed by a non-developer.

I'm not sure how to bridge the often contentious divide between DBAs and devs. I've never experienced it myself, and I've had one foot firmly planted on both sides of the SQL Connection for years. But I've heard plenty of horror stories. I think it's incumbent on managers to not only not promote the contention in the first place, but to get both teams working together when there is strife. Make awesome, not war.