Re: encryption doesn't help?
The point is really whether the database itself is compromised, or the code that accesses it.
If the database is compromised but the codebase is secure, then keys in the code are secure, and the database is worthless.
It is even possible to locate the key somewhere else in a hidden file so that even if the code is known, the key is not.
Nothing is secure on a rooted machine, but a lot can be made secure on a machine that is not rooted but is still hacked.
The point about SQL injection is that it exposes some or all of the tables, not the code base or the machine's total file system.