For a secure, fast and maintainable data layer, use stored procedures.
That's what I used to think at least. This post by Frans Bouma has me re-evaluating my beliefs. Don't know if I quite agree that Dynamic SQL is the way to go, but it certainly got me thinking.
If you're a developer who's ever worked with a SQL Server database, check it out. Now.