Some more thoughts
Better security options to prevent spammers and hackers etc without having to rely on Akismet and 3rd party API lookups. So automatic lockout on login if it comes from an IP you don't specify (or say allow X attempts to login) and then a big old DB of IPs that try to hack/spam that could be used by everyone to improve their sites security e.g by blacklisting them automatically - saves bandwidth, saves ££.
Another thing which is really good for forms you don't want BOTS to spam is a BotTrap e.g an out of FORM flow input - to prevent Google autofill trying to fill it in with details, hidden by CSS, called "email2confirm" or something so BOTS fill it in and then on submission you can catch them out if its filled in knowing humans wouldn't have seen it.
Then onload the page runs some JS that converts the DIVS outerHTML to a FORM with action, method, onsubmit event etc.
If the BOT can't run JS (as most don't) this prevents them from seeing a FORM on the page and only people with JS can use it - A message could be shown asking them to enable JS if they have it disabled although most people do anyway.
This would be good to reduce bandwidth on checking for spammers.
Also I don't know why the .htaccess file cannot be built up on the fly depending on the config settings of the site.
Instead of passing everything though index and having a massive function that tries to work out if the URL is full of categories/pages/posts/tags etc why not just create a rule for each page "type" in the .htaccess file once the format of the URL is known so that a request to /category/sales would directly go to the code / file that ran categories and a request to /tag/sales would go to the tag page that did tags. Nothing would call the huge function that has to work out what is going on which must be a killer on every request - e.g using PHP for directing requests to pages instead of moving that logic up the chain so it's faster.
Also there is so much code in WP that is just functions calling functions calling other functions to get a single value.
The over head (especially in loops, and plugins that don't know what functions like get_permalink() ) actually do must be a killer - it was the reason I wrote my Strictly Google Sitemap plugin > http://wordpress.org/plugins/strictly-google-sitemap/ so that there were only ever 7 database calls to get all the posts/categories/tags etc not an increasing amount that went up and up depending on the number of posts/pages you had on the site.
You can see the stats comparing my plugin with the "best on the market" and another here > http://www.strictly-software.com/plugins/strictly-google-sitemap-plugin
If you ever run out of memory then maybe its plugins that call WP functions in loops that cause it.
Anyway just some ideas.