As an aside - (the guys will probably kill me for mentioning this given the current roadmap), a specialized Ignition reverse proxy could make sense, particularly for a hosted version. I would imagine it as an Ignition gateway with only 1 specialized module installed, no direct database or OPC connectivity for security purposes. Reverse proxies are a preferred method for deploying Java/Tomcat web apps. The hardened, specific app would run in your DMZ and act as a reverse proxy between clients over the Internet and one or more Ignition gateways that are placed on more vulnerable segments of your network. It could do some pretty cool content caching and load balancing if it was specially written to be aware of the gateways, especially if you were accessing sites across slower WAN links. It could also support more methods of integrated authentication - think Kerberos/LDAP pass through and common authentication between gateways. It could also potentially work well with many hosted gateways, either on separate ports or as a sort of aggregator.
That said, I doubt the demand exists. My guess is that 99% of the users can achieve accessible and secure implementations using the existing Gateway and standard IT technologies. Cool thought, though.