If you're using stored procedures as your single point of entry, then you are still vulnerable to developers using a non-standard tool to get around them.
Only if the crack the db admin's password. If no one has access to the base data and no one has anything but select permissions on views, excluding a crack in the database engine/password for the admin/etc. how am I vulnerable to a developer "getting around" the stored procedures to manipulate the data directly?
In short, if you can only manipulate data via the stored procedures you have execute only permissions on, how are you going to get around that?