Visible security options

Daniel McPherson has a great blog that's well worth reading. He was also kind enough to give a very detailed reply to a question I posted to him.

It's a question that is often asked, Why can read only users see all the administration options, and how can I stop it?

Read Daniel's answer

For the record, I firstly edited the themes to make all the classes used by security sensitive links hidden. Then I wrote a client-side javascript function that hid the remaining elements by searching for them through the DOM. Then, for administrators to be able to make changes, I wrote a script that undid all the 'visible:hidden' changes. I made the function available in the 'Modify Page' drop-down by editing the XML fragment embedded in the page that determines the contents of the menu (also with client-side script). To finalise, when administrators clicked the option in the menu, a cookie wound be written to remember their setting.

Believe me, that didn't all happen at once! :-D

Probably about 2 weeks of messing about to get to the final stage... but it's still a messy way of doing things. A cleaner solution is needed. Anybody know what it is?