Think of the stored procedure as a module that encapsulates code into one piece and exposes a public interface.That way when the underlying implementation changes you don't have to change the interface too.With ad-hoc sql you have no such advandage.

Furthermore a stored proc is compiled server side and can be executed faster because of caching. Another advadnage is that you can write triggers that call the procedure when an DB event happens.

The security wise advandage it that you grant access for executing the procedure but you don't have to give access/grant to the underlying tables;you have to sanitize input though.One limitation is that not all DBI/DBD drivers can bind parameters to procedures.