• I like the "do everything through stored procedures" approach, and have been practising and advocating it for more than a decade. I'm surprised it isn't used more often, since it is quite certainly the surest way to get a really secure system.

    The statement "I rarely see this in place" in your article surprised me too. I knew quite a few systems that had it in place in the early 2000s. I knew two systems that not only had the all-stored-procedure approach but also had quite a lot of their C++ and/or JScript code driven from SQL (some of it as extended SPs, some through activating jobs with cmd and/or ActiveX jobsteps, some using xp_cmdshell).

    Tom
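An added example of the stored-procedure-only boundary the comment describes, written in T-SQL for SQL Server (the extended SPs, jobsteps and xp_cmdshell mentioned point at that platform). This is not code from the commenter or from any of the systems he mentions; every object name in it (dbo.Orders, dbo.GetOrdersForCustomer, app_exec, app_user) and the sample rows are invented for the illustration.

```sql
-- Added example, not from the original comment. All names are hypothetical.
-- Pattern: the application principal gets EXECUTE on procedures and nothing else;
-- the procedures are the only path to the tables.

-- Table and sample data (constructed).
CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT NOT NULL,
    Amount     DECIMAL(10, 2) NOT NULL
);
INSERT INTO dbo.Orders (CustomerId, Amount)
VALUES (1, 10.00), (1, 25.50), (2, 99.99);
GO

-- One procedure per operation the application is allowed to perform.
-- The argument is used as a value in the WHERE clause, never concatenated into SQL text.
CREATE PROCEDURE dbo.GetOrdersForCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Amount
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO

-- Application role: EXECUTE on the procedure only. No GRANT on dbo.Orders anywhere.
CREATE ROLE app_exec;
GRANT EXECUTE ON dbo.GetOrdersForCustomer TO app_exec;

-- A user without a login is enough to test the boundary inside this database.
CREATE USER app_user WITHOUT LOGIN;
ALTER ROLE app_exec ADD MEMBER app_user;
GO

-- Check the boundary by impersonating the application principal.
EXECUTE AS USER = 'app_user';
GO
-- Allowed: returns the two rows for customer 1.
EXEC dbo.GetOrdersForCustomer @CustomerId = 1;
GO
-- Denied: app_user holds no SELECT permission on the table (error 229).
SELECT OrderId, CustomerId, Amount FROM dbo.Orders;
GO
REVERT;
GO
```

The procedure and the table share an owner (dbo), so ownership chaining lets the procedure read the table while the caller has no permission on it; the GRANT EXECUTE line is the entire contract between database and application. The boundary holds only as long as procedures treat their arguments as values: dynamic SQL assembled from arguments inside a procedure moves the injection problem inside the trust boundary rather than removing it, and dynamic SQL also breaks the ownership chain, so it needs its own permission handling. xp_cmdshell, which the comment mentions, is disabled by default on SQL Server 2005 and later and must be switched on explicitly through sp_configure.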