That sounds great! About SSL, one issue I still see is that the posting key is exposed in the settings and can be stolen if a user logs in to his Wordpress blog (without SSL) and his session is hijacked. Maybe it would make sense to hide it after it has been entered?