Decouple flash proxy facilitator front- and backend
The flash proxy facilitator uses Python's BaseHTTPServer (http://docs.python.org/library/basehttpserver.html), which means it's stuck with a substandard web server and a substandard event model. It should be rewritten to have a small web frontend that communicates with a local process that keeps facilitator state.
This will allow us to use a real web server with TLS. The frontend is responsible only for checking the syntax of requests, passing them on to the local facilitator process, reading the result, and passing it back to the web client. (Maybe the frontend can also be responsible for rate limiting.) I don't think there's anything that needs to block for a long time.
The backend can be written in C and libevent, for example. The web frontend gives it a layer of input sanitization. libevent will allow proper timers for expiring registrations, which is awkward in the BaseHTTPServer model. The backend can save state across restarts. I envision a simple text-based protocol for communication between the front- and backends.
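A sketch of the frontend's syntax check feeding a line-oriented backend protocol, added here as an illustration and not code from the ticket or the flash proxy project. The command names, the `KEY=VALUE` line format and the function names are all assumptions; the point is that a value is canonicalized and can never carry a newline that would start a second backend request.

```python
import ipaddress
import re

# Hypothetical line protocol: "<COMMAND> <KEY>=<VALUE>\n", one request per line.
COMMANDS = {"REGISTER": "client", "FETCH": "proxy"}
# \A and \Z anchor the whole string; "$" would accept a trailing newline.
ADDR_RE = re.compile(r"\A(?:\[([0-9A-Fa-f:.]+)\]|([0-9.]+)):([0-9]{1,5})\Z")
MAX_LEN = 128


def check_addr(value):
    """Return a canonical "host:port" string or raise ValueError."""
    if len(value) > MAX_LEN:
        raise ValueError("address too long")
    m = ADDR_RE.match(value)
    if m is None:
        raise ValueError("bad address syntax")
    host = ipaddress.ip_address(m.group(1) or m.group(2))
    port = int(m.group(3))
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    text = "[%s]" % host if host.version == 6 else str(host)
    return "%s:%d" % (text, port)


def frontend_encode(command, value):
    """Frontend side: validate a web request, return the line for the backend."""
    key = COMMANDS.get(command)
    if key is None:
        raise ValueError("unknown command")
    return ("%s %s=%s\n" % (command, key, check_addr(value))).encode("ascii")


def backend_decode(line):
    """Backend side: split one sanitized line into (command, key, value)."""
    command, _, rest = line.decode("ascii").rstrip("\n").partition(" ")
    key, _, value = rest.partition("=")
    return command, key, value
```

The backend should still parse defensively, since the frontend check is a layer in front of it and does not replace the backend's own validation.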