If someone has admin access to your server then you have to assume they're going to be able to extract data from it somehow, I think. Would it be considered a security hole if an admin got into your (non-SQL) payroll database? I think probably not, because admins have full access to the machine.

In short, if someone who is not trustworthy has admin access to your server, you've lost the battle to start with.