Limit/Filter access types available through a listener socket
One thing that might be worth considering is to add another setting to listener sockets that would limit which requests are handled on that port. Listener clients, POST/sources, admin, STATS, XSLT, static files - come to mind.
Especially in case of professional installations there is often the desire to limit exposure to potential attacks to a minimum. That way there could be a listener client port on public IP, while all advanced functionality would only be available on a firewalled IP/port.