Not to go over what already has been stated, I think you've had enough of a bashing for using sa...
You can use a Logon DDL trigger in 2005 upwards to regulate which application can access the database.
http://technet.microsoft.com/en-us/library/bb326598.aspx
This link explains them a bit, but be careful with them or you could find that NO ONE can connect to the SQL Server.
A better solution would be to change the sa password, and make sure nobody has it. Then configure your website to use a different user as stated above - or use an application role for your website.
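
A sketch of the logon trigger approach mentioned in the answer above, added here as an example and not part of the original post. It is scoped to a single login so that a mistake cannot lock everyone out. The login name `web_app_login`, the application name `MyWebSite` and the trigger name are hypothetical.

```sql
-- Added example. All object names below are hypothetical placeholders.
USE master;
GO

CREATE TRIGGER trg_restrict_web_login
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Police only the login the website uses. Every other login,
    -- administrators included, passes through untouched, so an error
    -- in this condition cannot block the whole server.
    IF ORIGINAL_LOGIN() = N'web_app_login'
       AND APP_NAME() <> N'MyWebSite'
    BEGIN
        -- A rollback inside a logon trigger refuses the connection.
        ROLLBACK;
    END
END;
GO

-- Keep the session that created the trigger open, then confirm from a
-- SECOND session that an administrator can still log in.
SELECT name, is_disabled
FROM sys.server_triggers
WHERE parent_class_desc = 'SERVER';
GO

-- Recovery if logins start failing: connect as a sysadmin over the
-- Dedicated Administrator Connection (sqlcmd -A) and disable the trigger.
-- DISABLE TRIGGER trg_restrict_web_login ON ALL SERVER;
```

`APP_NAME()` returns whatever the client puts in its connection string, so this filters out accidental use of the login by other tools rather than acting as an authentication control. The separate low-privilege login or application role suggested above is what actually limits access.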