Things that really ought to be considered:

  * The security manager should perhaps _always_ write a message to
    the console when a check fails, taking the pressure off the
    clients to do this.  The information could be detailed (domains +
    reason it failed, for example).

    If this is inconvenient for some clients then they could be
    offered the option of passing an extra "be quiet" flag to the
    checker function(s).



