Just a thought but what about aliasing the columns returned by the stored procedure to give another level of protection? The real column names are hidden and the naming convention can't be extrapolated.