I've currently got a big push from developers to allow nHibernate into the databases.

My concerns are security implicit in direct table access and performance.

The "Oh everyone uses it" argument doesn't cut much ice with me. I don't care if 50 blue chip companies use it. I'm more interested in the guy who is using it properly so I can gain from his/her experience.

Because I'm not a hacker I'm not sure how safe a database supporting a public facing website is when direct table access is involved. I worry about sitting there thinking I'm safe when what I am sitting behind is the Maginot Line.

From the performance point of view what happens to the network traffic if great swathes of SQL start being submitted to the database? If someone calls getCustomerDetails vs 3K of SQL surely there has to be a difference?