Does dynamically formed SQL in Stored Procedures negate the very purpose of Stored Procedures?

We have an old project, 10-12 years old now. It was using SQL2000, which we have now moved to SQL2008.

During this task I found that the stored procedures were accepting parameters, then constructing the query as a string, and then using EXEC to execute the command.

    CREATE PROCEDURE MyProc
      (@TableName varchar(255),
       @FirstName varchar(50),
       @LastName varchar(50))
    AS

        -- Create a variable @SQLStatement
        DECLARE @SQLStatement varchar(255)

        -- Enter the dynamic SQL statement into the
        -- variable @SQLStatement (parameter values are
        -- concatenated directly into the query text)
        SELECT @SQLStatement = 'SELECT * FROM ' +
                       @TableName + ' WHERE FirstName = '''
                       + @FirstName + ''' AND LastName = '''
                       + @LastName + ''''

        -- Execute the SQL statement
        EXEC(@SQLStatement)

Is this a bad approach? Does this kill the benefits of stored procedures (the pre-compiled query benefit)?

5
asked by Lance Roberts 8 April 2011 at 16:27
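A parameterized counterpart to the procedure in the question, as an added example that is not part of the original post: the table name is resolved against the catalog and quoted with QUOTENAME, and the two name values are passed to sp_executesql as parameters instead of being concatenated into the statement. The procedure name MyProc_Parameterized and the dbo.Customers table in the usage call are assumptions made for illustration.

```sql
-- Added example (hypothetical name MyProc_Parameterized), SQL Server 2008 syntax.
CREATE PROCEDURE dbo.MyProc_Parameterized
    @TableName sysname,
    @FirstName varchar(50),
    @LastName  varchar(50)
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @QualifiedName nvarchar(600);

    -- An identifier cannot be passed as a parameter, so resolve it against
    -- the catalog: only an existing user table yields a name, and that name
    -- is rebuilt from catalog values and bracket-quoted with QUOTENAME.
    SELECT @QualifiedName = QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
    FROM sys.tables AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    WHERE t.object_id = OBJECT_ID(@TableName, N'U');

    IF @QualifiedName IS NULL
    BEGIN
        RAISERROR(N'Unknown table name.', 16, 1);
        RETURN 1;
    END;

    -- The values stay out of the statement text; only placeholders appear.
    DECLARE @SQLStatement nvarchar(max);
    SET @SQLStatement = N'SELECT * FROM ' + @QualifiedName
        + N' WHERE FirstName = @FirstName AND LastName = @LastName';

    -- sp_executesql binds the values as typed parameters, so the statement
    -- text is identical across calls and its cached plan can be reused.
    EXEC sys.sp_executesql
        @SQLStatement,
        N'@FirstName varchar(50), @LastName varchar(50)',
        @FirstName = @FirstName,
        @LastName  = @LastName;
END;
GO

-- Constructed usage: dbo.Customers is a hypothetical table with FirstName
-- and LastName columns. The quote in O'Brien is handled as data.
EXEC dbo.MyProc_Parameterized
    @TableName = N'dbo.Customers', @FirstName = 'Sean', @LastName = 'O''Brien';
```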