- Fix possible timing gap when refreshing http_listen - Set up tokens or privkeys or tripcodes or something so clients can't trivially impersonate servers - Prevent directory traversal attacks - Error handling - Reverse proxy to other local servers