So testers and developers, please do not assume that an SP means safe. You still have to properly parameterize your queries and validate input and output. Security and shortcuts do not go together. If you think you may have vulnerable SPs like this, try running a query such as

SELECT OBJECT_NAME(id) FROM syscomments WHERE UPPER(text) LIKE '%SP_EXECUTESQL%' OR UPPER(text) LIKE '%EXECUTE%' OR UPPER(text) LIKE '%EXEC%'

to see where these vulnerabilities are.
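The pattern that search is meant to surface, shown as an added example that is not from the original post: a stored procedure that concatenates its parameter into dynamic SQL, next to versions that keep the parameter out of the statement text. The table `dbo.Users` and all procedure names are hypothetical.

```sql
-- Hypothetical table and procedure names, constructed for illustration.

-- Vulnerable: the parameter is concatenated into the statement text, so the
-- caller's input is parsed as SQL even though it arrived via a stored procedure.
CREATE PROCEDURE dbo.FindUser_Unsafe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT id, name FROM dbo.Users WHERE name = ''' + @name + N'''';
    EXEC (@sql);
END
GO

-- Hardened: the statement text is constant; @name travels as a typed
-- parameter of sp_executesql and is never parsed as SQL.
CREATE PROCEDURE dbo.FindUser_Safe
    @name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT id, name FROM dbo.Users WHERE name = @p_name';
    EXEC sys.sp_executesql
        @sql,
        N'@p_name NVARCHAR(100)',
        @p_name = @name;
END
GO

-- Simplest fix when no dynamic SQL is needed at all: static SQL.
CREATE PROCEDURE dbo.FindUser_Static
    @name NVARCHAR(100)
AS
BEGIN
    SELECT id, name FROM dbo.Users WHERE name = @name;
END
GO

-- Audit variant of the search above (added here): sys.sql_modules holds each
-- module's full definition in one row, whereas syscomments splits long
-- definitions into 4000-character rows.
SELECT OBJECT_SCHEMA_NAME(object_id) AS schema_name,
       OBJECT_NAME(object_id)        AS object_name
FROM sys.sql_modules
WHERE UPPER(definition) LIKE '%EXEC%';
```

Both `FindUser_Unsafe` and `FindUser_Safe` match the `'%EXEC%'` search, so each hit is a candidate for manual review of how the executed string is built, not a confirmed finding.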