in reply to DBI Parameter Security

(Just as a follow up in case anyone ever comes back here)

Turns out that was the phrase I was grasping for.

There's an interesting article here:
  http://online.securityfocus.com/infocus/1644
and some white papers available here:
  http://www.nextgenss.com/research/papers.html
in case anyone's interested (swiped from the DBI mailing list).

While it's a problem if you're going to be building your SQL into a string yourself ("SELECT $idiot FROM $fool WHERE $twit"), using the DBI's placeholders seems to be a damn fine step towards protecting your scripts against this kind of thing.
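An added example (not from the original thread) showing the two forms this reply contrasts, string-built SQL against DBI placeholders, on a constructed in-memory SQLite table; it assumes DBD::SQLite is installed:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$dbh->do("INSERT INTO users (name) VALUES (?)", undef, $_)
    for ('alice', "O'Brien");

# Untrusted input: a perfectly legitimate name that happens to contain a quote.
my $input = "O'Brien";

# String-built form: the value becomes part of the SQL text itself, so the
# quote inside it changes the statement. Here that merely breaks the query;
# other inputs would change its meaning instead of breaking it.
eval {
    my $rows = $dbh->selectall_arrayref(
        "SELECT id, name FROM users WHERE name = '$input'");
    print "interpolated: ", scalar(@$rows), " row(s)\n";
};
print "interpolated: query failed: $@" if $@;

# Placeholder form: the SQL text is fixed at prepare time and the value is
# bound separately, so whatever it contains is always treated as data.
my $sth = $dbh->prepare("SELECT id, name FROM users WHERE name = ?");
$sth->execute($input);
while (my ($id, $name) = $sth->fetchrow_array) {
    print "placeholder: $id $name\n";   # finds O'Brien, nothing else
}
$sth->finish;
$dbh->disconnect;
```

Placeholders only work for values, not for table or column names; for those, validate against a fixed list of allowed identifiers rather than interpolating user input.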