Fabiano Amorim provides a public service announcement:
A dangerous privilege-escalation path exists in SQL Server when cross-database ownership chaining, system database defaults, and overly permissive permissions are combined. Under these conditions, a low-privilege authenticated user can escalate to sysadmin, gaining full control of the instance. This article walks through how an attacker can abuse these mechanics.
Click through for a detailed explanation of the problem. Then, check out module signing as an alternative that is considerably more secure.