I think a lot more people will base their projects (admin- and front-facing) if PHPMaker included protection against Cross-Site Request Forgery (CSRF). It is a little difficult to implement and it could probably be done via server events but it is very complicated.
Thanks for a great product!