i’m using piwik since version 0.4.x and development is really impressive. But there is one feature i’m missing.
Right now piwik is using the same url for tracking and for the dashboard (host.fqdn/piwik/). For security reasons it would make sense to have a separate dashboard/backend url. Maybe something like host.fqdn/piwik/dashboard/. The normal url could show a blank page without a login form or any other information. The dashboard url should provide the login form and can be protected with htaccess or an ip rule. Then possible bugs in the login form or the dashboard code could not (so easily) be exploited.