Name one other serverside language which routinely sends the serverside code rather than the HTML? Unless you are saying this is not inheritently a problem with PHP but with Apache?
Do you think I could have a look at your code to learn from it? I won't necessarily use it if you don't want me to. I just love your idea and would love to see it work! This method fascinates me. Could I see it in use somewhere? Where did you use it?
If your live handshanke authentication server goes down yes, they will not be able to login until it comes back online... Awesoem bandwidth? Not really you are are sending maybe 30K of encrypted SOAP data for the handshake. Additional Headers? Absolutely - you should use WSE 3.0 on the wire encryption - directly incorporates into ASP.NET 2.0 now and it can even use X509 Certs!
Sharing accounts is more difficult because things like IPs are not static and many people have access to more than one pc