Related to #3, we need to think about security of the http protocol at some point, because this is a security-sensitive application.

We'll have to do encryption, and I can try to find a way to get a secure key we can use, either through CMU or by creating a separate domain name.