It would be very interesting to add PAM support to the authentication mechanism. (or otherwise enable outside-authentication)
This way web-masters can manage their users more easily accross blogs, accross aplications (give eg. ftp-access) and make a way to make the whole directory unreadable by outsiders using .htaccess and the same user account.
There is an interesting thread on: [wp-hackers] http://comox.textdrive.com/pipermail/hackers/2004-June/000126.html.
It could be really easy actually.
Authentication against PAM (once installed with php_pam) is as easy as: pam_auth($username, $password, &$pam_error);