First off, I've been using WP now for a couple of years and am very happy with it. Thanks for all the hard work, guys!
I've recently had 2 WP installations hacked, and doing my research saw that this is not an uncommon problem for WP or other database based tools.
Coming to think of it: would be awesome to have a function where wp would make an automatic backup of all *.js, *.php and *.css files under the WP directory every 24 hours. Prior to making the backup, any differences to the previous day's backup would trigger an alert e-mailed to the admin of the page and showing a prominent warning on the dashboard, so that the admin can be warned of an intrusion (and ignore the warning if he had made the changes himself).
And I'm sure you hard-working people are very much aware of those vulnerabilities coming from hackers injecting code — isn't there a way to let people only write plain text messages?
Furthermore, is there a way of blocking people from registering as users — and especially from being promoted to administrator level?