On the database make use of Stored Procedures everywhere, so that everything without exception is does via Stored Procedures.
Then when someone wants to make their website more secure they just have to make sure the only user rights available to WordPress is to run Stored Procedures.
If someone makes does any query to the database that is not a call to a stored procedure, then it's blocked.
So everyones website will be a little more secure, and run just a fraction faster.
I know that stored procedures came in to MySQL in version 5.0, so it's about time to use them.