Which is a bigger threat to your employee salary database?
A script-kiddie with a password cracking script
A disgruntled employee with a big hammer
The answer is the disgruntled employee with the big hammer. As a general rule, it is easier to take down a web site through brute force against the server hardware than it is to hack the site. People rarely spend enough effort on the relatively simple effort of securing the hardware.
The degree of hardware security you need is proportional to how badly outsiders wish to access or destroy the data it houses. If you have a machine hosting your personal home page, locking the door to your house is probably good enough. If, on the other hand, your MySQL database stores the salary data for your entire company, that machine better be locked behind a door whose access is monitored.