How would you explain the risk of a Blind SQL Injection to a product manager who wants to delay the fix?