This is a outstanding idea/project.
How do you handle security ? Can we/should we mix this with a token by each call to the server ?