Well you said it yourself. It's bullet proof. No way around that. And they left select unfiltered, which is good... for... admins. You know, because they may need to select something, from another non-filtered source, such as information_schema. But, that's just taking a guess at the database they're using, based solely on the things they did choose to filter.