I would like to see admin.php (and relate) pages moved to their own directory, so that I can add an extra layer of security using a server based directory protection AUTH mechanism (say, and Apache AuthType Basic on that dir). Now that admin stuff is the the "root" too, I cannot apply such protection.
Apache's basic authentication is less secure than Coppermine's own authentication. I'm pretty sure you can set it up for individual files aswell as whole directories, but several files are shared by both users and admins making this problematic.