Hi Lhot
Its a simple matter of the priviligies that go with the administrator login at an NT level that is the issue. I recognise the fact that it still may be very difficult for someone to hack into your box in the first place, but if they did via a SQL Server security "hole" (ie. SA access other other methods discussed) they how have administrator privilige access to your server as well. It can be a pain to setup, but the service requires very little privilige to run as as such, there is not need to give it rights that are far beyond what is actually requires.
As for DEV and TEST, well, thats just personal preference.
Cheers
Chris
Chris Kempster
www.chriskempster.com
Author of "SQL Server Backup, Recovery & Troubleshooting"
Author of "SQL Server 2k for the Oracle DBA"