@figuerres: but it can also open a number of issues with security and how the client app stores login data etc....
That's why you need to grant access to user the level of access they absolutely need, and use SPs to do larger scale data manipulations.
And btw, even with EF, if you don't control the credential level access right, you can still have disasters.
Regarding using webservice vs direct connection, it depends. If your data size is large and your data access component does not support "infinite-scroll" like continuous partial data loading, it can present huge loading on the hosting server.
What's more? Lots of people who implement webservice does not have security in mind. They have no idea that SOAP method, when not protected with token or WS-Security based mechanism it's going to be able to be called by anyone. It's not a direct problem of webservice itself, but the wrong way of implementing it is too common that for each and all company I worked on and use webservice, I have to intervene to add appropriate level of security check. I'd rather just see they use direct SQL connection with AD group based security assignment.