What are the security issues of letting application developers use xp_execresultset?  Is it susceptible to SQL Injection?  And if so, wouldn't it run under the authority of the SQL Server...