One of the things that any even vaguely security-conscious Enterprise Vault administrator and SQL Database Administrator should be concerned about is the minimum level of permissions for things like the Vault Service Account.
With the release of Enterprise Vault 10.0.3 and, of course, the accompanying Discovery Accelerator and Compliance Accelerator products, a document was released giving more details on how to secure the DA/CA/EV databases. Here is the link:
http://www.symantec.com/docs/HOWTO80670
This tip was passed on to me by a former colleague, so thanks for that, Paul Juster.