Cross-posted to the geodatabase forum. Please take discussions there if appropriate. Thought this would be of interest:
ArcSDE security: ST_GEOMETRY EXTPROC listener exploits and hardening the SDE schema?
Also please consider:
"Harden" ArcSDE repository on Oracle: do not grant privileges to PUBLIC role unnecessarily