Very well said!

I totally agree. The arguments I get are "this is the only user I'll ever need" which usually occurs because the developer will be using a sql login embedded in the application. This isn't a bad argument, as arguments go. The other is "no other user will need these exact permissions/it takes TOOOOO much time to make a role for just one person, why would you do that". Not a good argument.

I definitely agree with David about removing access to Public! Stored procedures aren't always an option, depending on how/who/when the app was built.

I thought the reasons you presented were sound - much better than the other knucklehead who rights worst practices articles...what's his name again?

Andy