I'm no security expert but I have picked up a thing or two over the few years I have been a webdeveloper. I don't think you should worry too much about the object-names you have in your database. If a hacker decides to hack your db I'm quite confident that he knows how to do a select on the master-db and find exactly what he needs.
Instead you need to be carefull about the security of the server itself and how it gets accessed and the way you program your application that communicates with it. You can have the best firewall in the world and make it completely unhackable from the outside, but if you don't program the app properly you're basically in trouble anyhow. No matter what sort of application and what language you use you always need to validate your userinput for malicious characters, where it comes from and the lengt of the input. Let me show a brief example of a very common login-sequence(in vb-script):
Usually this works just fine, but if a hacker decides to test your app imagine what would happen if he entered something like this:
Username = TRIM(Request.Form("Username"))
Password = TRIM(Request.Form("Password"))
SQL = "SELECT * FROM users WHERE Username = '" & Username & "' AND Password = '" & Password & "'"
Username: john' OR 0 = 0;DELETE users;--
If somebody does this to your website you would have an empty user-database and you would not even be close to understanding what happened in a GOOD while. My thaught is that application security is just as important or even more important than firewalls and all that and it is quite often beeing neglected...
"Real programmers don't document, if it was hard to write it should be hard to understand!"