Even if an attacker can't drop your database or corrupt your data, I'd rather they not be able to do a resource sucking cartesian join on tables in my database (mysql doesn't allow subqueries, so you may be safe from that).

Update: I, um, meant old versions of MySQL...yeah, that's it :-) (Ok, so I need to update my own mental database :)