One of the reasons for the severity of https://www.drupal.org/SA-CORE-2014-005 was the fact the PDO MySQL allows multiple statements to be executed.
In contrast, the mysqli functions used for Drupal < 7 set a flag upon connection to the server so that only a single statement can be executed.
The inability to make PDO MySQL behave this way has now been addressed in PHP and will be available in the upcoming 5.5.21 and 5.6.5 releases
22 Jan 2015, PHP 5.5.21- PDO_mysql
. Fixed bug #<a href="http://bugs.php.net/68424">68424</a> (Add new PDO mysql connection attr to control multi
statements option). (peter dot wolanin at acquia dot com)
See https://github.com/php/php-src/pull/896
Let's take advantage of this for Drupal core