If the admin console is integrated into the core (which I think is a bad idea), it’'s important to allow disabling the HTTP access to it.
The reason is that many sysadmins are suspicious of any application that allows reconfiguration at runtime, bypassing the version control. I can understand how for the casual user this is a feature, but for us it’'s really a drawback.
And if we go further this route, even better would be to extract the functionality which is needed by the other plugins and distribute the webapp GUI as bundled plugin, so we can delete it if needed.
Another issue with the current implementation of the admin console is that it does not allow to specify read-only administrator accounts. IMHO, the best way to do this is to provide a JMX interface to all admin functionality and to let the user use the standard JMX access-control policies, but this is another issue.