When designing a system I go out of my way to keep stored procedures in use and database credentials secure. The software expects to get an environment variable and operate accordingly. The data access layer knows which stored procedures to call. The system works well unless someone takes a shortcut and decides to bypass the data access layer AND decides to supply an embedded config file with data access information exposed in the clear.