Stored procedures, stored procedures, stored procedures. Simply don't let the apps access the server in any other way.

Use roles with execute permissions on the stored procs.

Always make dbo the owner of the tables and stored procedures.

If they have Visual Studio .NET and Visual Source Safe, encourage them to use database projects. This will help them use VSS for their stored procedures. It's easy for them to apply their scripts directly from VS.NET.