Okay, one more..
Some pages (e.g. like attachments/www/download/index.vuh) do an internal permission check and then return the file using cr_write_content. I was wondering if it makes sense in general to redirect those to file.vuh as well and add something to file.vuh so we can bypass permission checks.