The Ops Management team has also put a lot of thought into the database security with version 2007. There is an overwhelming standard of zero/limited access to the operations database. The SDK is also known as the 'gatekeeper' for all access to the database. The agents and gateway servers have NO access to the database. The management server has limited access to the database. Finally the root management server has database access through the SDK. So although it might be scary storing all the information that MOM (now SCOM!) stores in a single database, the security measures that the team has put in place should help you sleep better at night.
In addition to all the other updates, they have also made Role Based security groups accessable in SCOM. That way you can leverage the exisiting group infrastrucure you have, and assign security based off of that. This is a huge sigh of relief for those of us who LOVE to use security groups!