Immediately:
* Remove connection/socket leaks.
* Support server-side (client-to-proxy) SSL connections.
* Configuring SSL support, like certificates and keys.
* Configuring access control policy.

Some easy protocol support:
* Support APOP.
* Support STLS. 

Some extensibility support:
* Support gateway proxies based on username maps.

Some sysadmin cake:
* Configuration interface besides CLI.