A nonce token is missing in the settings, check "wp_nonce_field()" and "check_admin_referer()" in WP codex. This leads on a CSRF attack
Also, a XSS attack is possible because the title is not sanitized with "esc_attr()" and "esc_html()".
BUT, if i close my eyes on this, this is a great idea ! nice work :)
Waiting for the next patch to use it ;)
See you !