Forum OpenACS Q&A: Re: Templating, file storage and Web DAV

Posted by Barry Books on
After the long security discussion my plan is to only use the main site for admin. All "user" pages will be in subsites under the main site. I'm going to add some options to sudo so that you only access admin pages from the main site and that the referer must be the main site. If you don't then you'll be directed to a policy violation page. There will be a link there to the corresponding page on the main site.

For example if I click on the admin link subsite/admin I'll be redirected to mainsite/sudo/policy_violation. That page will have a link to mainsite/subsite/admin. If I just type mainsite/acs-admin into my browser I'll be redirected to mainsite/sudo/policy_violation (because referer is null) but when I click on the link everything will be fine.

I also added a feature like host_node map so when you go to http://subsite.com you are redirected to http://subsite.com/subsite.

With all that I think it's pretty bulletproof (more so than most sites anyway). It would also be nice if there were no such thing as a site wide admin except under the main site hostname.
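The policy described in the post, written out as an added Python example (not OpenACS code and not the poster's sudo patch) so the decision rules can be tested in isolation: the hostnames, the admin path prefixes and the `link` parameter on the policy page are constructed assumptions. Note that the Referer header is supplied by the client, so this check narrows how admin pages are reached but does not replace the permission checks on the pages themselves.

```python
from urllib.parse import urlsplit, urlencode

# Constructed names for this example; not OpenACS configuration values.
MAIN_HOST = "mainsite.example"
# host_node-style map: subsite hostname -> its mount point under the main site
SUBSITE_MOUNTS = {"subsite.example": "/subsite"}
ADMIN_PREFIXES = ("/acs-admin", "/admin")
POLICY_PAGE = "/sudo/policy_violation"


def is_admin_path(path):
    """Admin pages are identified purely by URL prefix in this example."""
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)


def referer_host(referer):
    """Hostname from the Referer header, or None when it is absent or unparseable."""
    if not referer:
        return None
    return urlsplit(referer).hostname


def policy_redirect(target_path):
    """Redirect URL for the policy page, carrying the matching main-site URL as a link."""
    link = "http://%s%s" % (MAIN_HOST, target_path)
    return "http://%s%s?%s" % (MAIN_HOST, POLICY_PAGE, urlencode({"link": link}))


def decide(host, path, referer):
    """Return ('allow', None) or ('redirect', url) for one incoming request."""
    # Subsite root is sent to the subsite's mount point, like the host_node redirect.
    if host in SUBSITE_MOUNTS and path == "/":
        return "redirect", "http://%s%s" % (host, SUBSITE_MOUNTS[host])
    if not is_admin_path(path):
        return "allow", None
    if host != MAIN_HOST:
        # Admin page requested under a subsite hostname: send the user to the
        # policy page, which links to the same page under the main site.
        return "redirect", policy_redirect(SUBSITE_MOUNTS.get(host, "") + path)
    # On the main host the Referer must also be the main host. Referer is
    # client-controlled, so this is defense in depth, not authorization: a typed-in
    # URL (empty Referer) or a link from elsewhere is bounced to the policy page.
    if referer_host(referer) != MAIN_HOST:
        return "redirect", policy_redirect(path)
    return "allow", None
```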