Here are a couple of ideas I'd like to toss out. Proposals can take a lot of time to write and it might be easier this way to flesh out the details.

1) Optional password encryption. Right now passwords are stored as clear text. What's interesting is that Zope can already authenticate against SHA encrypted passwords, it just won't encrypt user passwords unless you force it to. As a test of Zope's ability to authenticate against encrypted passwords, I sneakily implemented the "inituser" changes with SHA encryption by default. That means that the password for the initial user stored in the database is not possible to decrypt and yet nobody has had any problems with it AFAIK. Since it has been successful, I'd like to suggest we add a checkbox to basic user folders that enables encryption for new passwords, and have it turned on by default. The risk is incompatibility with HTTP digest auth, which I imagine nobody is using right now.

2) If cPickle were to do something similar to "intern"-ing strings when loading objects from the ZODB, Zope might consume significantly less RAM on busy servers. ZODB uses lots of strings. ZODB caches cannot be shared among threads. But strings, being immutable, can be safely shared. We couldn't just intern the strings since that would make them immortal, but if we used weak references it could work. The only risk is the speed impact during loading of objects.

Shane
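The trade-off in idea 1, as an added example that is not part of the original post and not Zope's own code: a user folder that stores new passwords one-way encoded still handles basic auth, but can no longer produce the HA1 value that HTTP digest auth needs. The `UserFolder` class, its method names, the LDAP-style `{SHA}` prefix layout and the sample credentials are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac


def encode_sha(password: str) -> str:
    """Assumed LDAP-style layout: '{SHA}' + base64 of the raw SHA-1 digest.
    SHA-1 matches the post; a current deployment would use a salted, slow KDF."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


class UserFolder:
    """Hypothetical stand-in for a basic user folder with the proposed checkbox."""

    def __init__(self, encrypt_passwords: bool = True):
        self.encrypt_passwords = encrypt_passwords  # the checkbox, on by default
        self._stored = {}

    def set_password(self, name: str, password: str) -> None:
        # Only newly set passwords are encoded; older clear-text entries still work.
        self._stored[name] = encode_sha(password) if self.encrypt_passwords else password

    def check_basic(self, name: str, attempt: str) -> bool:
        """Basic auth sends the password itself, so it can be re-encoded and compared."""
        stored = self._stored.get(name)
        if stored is None:
            return False
        candidate = encode_sha(attempt) if stored.startswith("{SHA}") else attempt
        return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))

    def digest_ha1(self, name: str, realm: str):
        """Digest auth needs HA1 = MD5(user:realm:password), i.e. the clear text."""
        stored = self._stored.get(name)
        if stored is None or stored.startswith("{SHA}"):
            return None  # cannot be derived from a one-way value
        return hashlib.md5(f"{name}:{realm}:{stored}".encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the post.
    for flag in (True, False):
        folder = UserFolder(encrypt_passwords=flag)
        folder.set_password("alice", "s3cret-sample")
        print(flag, folder.check_basic("alice", "s3cret-sample"),
              folder.digest_ha1("alice", "Zope"))
```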