It's as vulnerable as before. How likely is an attack?

Depends on your level of SQL Injection vulnerability as well as how many people (outside of employees) can send a custom query through to the instance.

I think in many cases, it's not a big deal. If you have potential issues, then you'll want to patch sooner.