Fix possible timing gap when refreshing http_listen
Set up tokens or privkeys or tripcodes or something so clients can't trivially impersonate servers
Prevent directory traversal attacks
Error handling
Reverse proxy to other local servers