Personaly I would say err on the side of security. About the only time I use the HTTP and FTP daemons are on a corperate network. By leaving this requirement in place it adds an extra layer of security by making someone know the proper commands to issue to write to the unit. In addition it would be nice if you did have to issue a SITE RW to flash the kernel as well.

Perhaps add a switch in the config.ini to enable auto SITE RW RO commands.