When a user has given a sysadmin role then what ever he creates either a table,stored procedure etc, SQL Server automatically assigns dbo as the owner of the table.
You can enable IPSec from your web server to SQL Server, if you enable then only your web server can talk to your SQL Server, This might be a problem...