For RCON, it would be nice if there were scripting functions/events for linking it to a scripted account system, and from there set in the config or scripted database for only allowing access to RCON for specific accounts, ranks, or usernames. Having this ability to link it to a user's specific scripted account system offers a much stronger security option because then users who have their accounts hijacked can't cause damage if they have the RCON password, and likewise any user who has the RCON password wouldn't be able to access RCON. It would require a specific user with the password to access it, creating a double-security that cannot be broken unless the malicious person has both access to the specified user AND the RCON password. Doing this through scripting also allows users to make it specific to their own scripted account systems optionally, or avoid using it altogether and continuing things the way they are now.