• parameterizing the query

    Would that alone do it?  Because if so, I have nothing to be concerned about.  There are also other indirect safeguards in my design.  The primary one is that I never use the dbo schema anymore, though it still exists in older designs.  This prevents simply using a table name.  The tables also have FK constraints.  These would prohibit them simply being truncated per your example, although I know there are other possible bad requests.