i still have kind of a bad feeling regarding the fact that you have one machine that can gain control over all your other machines (cloudmin server that is).
I thought about it and could imagine one way to make cloudmin root access a bit more secure, eventually im just paranoid tho :)
Would it be possible to allow Access to cloudmin web ONLY if there is an IP matching connection to SSH established? So that would mean if i like to admin my cloud - i need to make an ssh connection to that server, keybased for example and with another username but root - my IP is registered that way and i can than login to cloudmin as root user.
Or would that be just too much hassle to integrate. If you make this an choosable option i think it would please some admins and dont affect those that dont care about it :)