The bitcoind server exposes all its features over the JSON-RPC API. This is somewhat dangerous in a production environment, as any system (e.g. a world-facing web server) which has API credentials has the ability to execute commands such as sendtoaddress. What I would like is the ability to start the bitcoind server in "safe" mode so that it only responds to whitelisted commands - such as getnewaddress and getreceivedbyaddress; with these two, you can offer a customer an address, and check it for payment confirmation later.
I understand that I could implement a wrapper around the API, but this feels like standard practice and something that the client should provide by default.