It has been interesting to see the results of the recent series of SQL injection attacks. I have been using <cfqueryparam> for all dynamic data for years, so I wasn't worried about the SQL injection. Still, even for sites with <cfqueryparam>, error email messages remain a problem.
Although I have gotten some errors from some sites, none from my newer sites. The reason is that earlier steps I have taken prevent errors from invalid URL variables.