
Honestly? In most real-world applications, MySQL authentication and privileges have absolutely no effect on security.


Again, you're completely ignoring shared hosting systems. You have a very strange understanding of what "real-world applications" means when it comes to MySQL.


One term for the applications you're thinking about is "certified pre-owned". Michal Zalewski just made a handy logo for those people to slap on the bottom of their front page:

http://lcamtuf.blogspot.com/2012/06/this-page-is-now-certifi...


"In most real-world applications, MySQL authentication and privileges have absolutely no effect on security."

To me, that makes as much sense as:

"In most real-world applications, file permissions have absolutely no effect on security."

Or:

"In most real-world applications, running services under isolated uids instead of running everything as root has absolutely no effect on security."

It's a bold claim, but one made with no evidence to back it up.



