I'd personally make it so they can't access rw.php......
they have to be accessing it via index.php :) other then that very very nice :)