Well ... I *know* how to make most of the request processor permissions checks go away for busy public sites ...
cache whether or not a site node's "world" or "registered user" readable, check those first in the RP and only issue the explicit user check if they fail and the user_id is non-zero (i.e. they're logged in), kicking them out if the cached check fails and they're not logged in.
The only question is cache flushing. There are a couple of possibilities:
1. hook it up to "performance mode" and tell people any perm changes on a site node will require a server restart or give them a "resynch cache" admin link (this is what's required if you change other attributes of a site node)
2. Have the site node map's "set permissions" link include a return_url to the perm page that tells it to flush the sitenode cache after a site node's perms have been changed. This would make caching safe as long as people change perms using the site map admin UI, which is the logical place to do so. One would have to assume things like changing security_inherit_p would also be done from there.
