I'm a Senior Microsoft SQL Server Premier Field Engineer (PFE), and this is my professional blog. I'll occasionally blog about miscellaneous SQL Server topics and the life of a PFE, but the focus will be on security issues. I work most of the time in the Washington, D.C., area, supporting enterprise-class customers using SQL Server, and top-notch security is a big deal for them. PFEs, if you're not aware of them, specialize in production-server support, such as best practices to avoid problems, but including server-down emergencies when best practices haven't been implemented. PFEs do not do development work. For those of us compelled to tinker in development, we do that on our own time.
So, if you came to this blog to find out if SQL Server can be made secure, the single-word answer is yes. The short-sentence answer is, "Properly configured, SQL Server security is second-to-none." For the whole-paragraph answers, including some how-to's, read on...