Of course, once you've typed the passphrase for your SSL cert once,
it provides no more protection than a cookie...
As cheesy as it is, I think checking Referer might actually be
helpful. It is trivial to spoof Referer, so you should not use
Referer alone for security, but I think it is nontrivial for a CSS
attacker to cause you to lie about Referer.
It might be as simple as overloading db_dml to check [ns_conn header
referer]. If it doesn't match [ad_parameter SystemURL] you present a
form with a bunch of [export_entire_form] hidden fields and make the
user click a "Yes I understand I'm submitting a form to
[ad_system_name]" button.
Very rough untested idea, but it might have some merit...