Hello,
I am a "security aware developer" and would like to recommend two things here:
a) WHERE-USED list of objects in SU21 is your best friend (as pointed out by Julius)!!
b) spend (allow your developers spend) more time on choosing the "tools" (like BAPIs). It is worth the effort IMO. Be strict, forbid BDC etc.
To elaborate on b):
I was always in a hurry when I started with programming (long before ABAP) and didn't spend much/ enough time on checking what was already available. With ABAP it is crucial to get yourself familiar will all the standard coding that you can reuse even more (this lesson is so important for me that I even blogged about SAP standard and reusability several times, you may find it useful...).
There are many other cases when you appreciate SAP standard, not just security. You can get the performance wrong, DB access wrong (when this is allowed and you make a mistake... BOOM... you know what I mean).
One of the examples when you can almost force developers to use these APIs is when you use the Code Inspector and you're a tough security and quality manager. Code inspector gives you the weapon to do scans quickly (although they're very limited) and the tool is not that strict to provoke heavy resistance. Many of my customer are much stricter than what Code Inspector allows/ highlights and they operate well and their developers still deliver.
Extreme example: I recommend my customers not to allow kernel function calls in custom coding (unless there is no standard code that calls the function and can be reused, but in that case one should contact OSS and request a fix/ reusable block IMO and the developer must prove there is no other way at the moment).
Why I mention this is that in 98% cases (my personal statistics) there is a way how to get things done using SAP standard (without brutal hacks! just pure clever reuse).
If your numbers are different, maybe your developers need a push to learn more about the available tools. In case your numbers are different and it is not because of the team deficiencies, I would love to read a blog about it, maybe you can help SAP build something better 
Anyway I am glad we get to read interesting discussions also for developers here and good luck!
Cheers Otto