>It is more effort, but offers less info about your setup "into the wild". Just knowing that such a server exists may attract unwelcome visitors.

True, but allowing local connections only does not harden any sql server. Web services as the only interface and gateway to the server are surely limiting the risk of sql injection for example, but there are surely other attack vectors, sometimes from an account at the same hoster, sometimes by uploads, ftp, whatever. I'd harden the sql server in such a way it's safe to allow remote connections. To rely on limiting local connections is false safety, isn't it?

Bye, Olaf.