SQL injection has to do with how the pages are coded and not the security of the sql server.
Refer to the following articles for additional information:
SQL Injection FAQ
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
Protecting Yourself from SQL Injection Attacks
http://www.4guysfromrolla.com/webtech/061902-1.shtml
Stop SQL Injection Attacks Before They Stop You
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/default.aspx
Injection Protection
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsqlmag04/html/InjectionProtection.asp
