That's not a reasonable comparison. Nmap and nc can't be used directly to hack into a box. Nmap and nc are tools, which need to be carefully configured to attack someone. Realistically nmap, at best, could be considered a reconnaissance tool. On the other hand, SQLninja is specifically designed to find and attack servers. Sure there are legitimate uses, but including (semi-)automated attack tools has ethical and, less likely, legal implications. We don't really think that much about 'branding' with Linux Distros, but blog entries with titles like "How to hack SQL servers in Fedora X" can deeply undermine the credibility of a distro.
On sqlninja's web page, the only two demos both detail how to not only identify vulnerable servers, but to hack into them and gain shell/GUI access. I would argue that this isn't a "security" tool insofar as it is useful to use tools that attackers use. Instead, this is a hacking tool, and should not be included.