Project Mayhem Shows Off Security Risks in ERP Systems, Including Microsoft Dynamics . This has been reported in a number of areas. I've read the whitepaper and frankly, there is not much that is new in here. If you can fool someone into giving up their password the system is vulnerable. If you can gain access to the SQL server, the data is vulnerable. Yep.
Good controls, auditing and the security best practices we preach should prevent the scenarios described.