More secure authentication options
It would be good for 'simple' installations if the login password wasn't in plaintext in the burpui.cfg file. By 'simple' I mean one where there is no LDAP on the network.
One option would be to use salt+hash, but a better option would be to be able to authenticate against 'local' users. I know this is specific to Unix-like systems, but the burp server has to run on such a system anyway. Note that using 'local' users doesn't mean that those users actually have to be local users in /etc/passwd. Many people use Samba and winbind to manage network users, but these can still be authenticated via the local login facility (i.e. they have local logins, even though they are domain users).
I believe there is a Python module called 'python-pam' which makes this easy. https://pypi.python.org/pypi/python-pam
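
The salt+hash option mentioned in the request, as an added example that is not part of the original post and not Burp-UI's own code: the config stores a salted PBKDF2 digest instead of the password, and verification recomputes it in constant time. The `[users]` section name, the `scheme$iterations$salt$digest` storage format and the iteration count are assumptions made for this sketch; it does not cover the PAM option.

```python
import configparser
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor for this sketch; tune to your hardware
SCHEME = "pbkdf2_sha256"


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt_hex$digest_hex' for storage in the config."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # plaintext or malformed entry: reject, never compare it directly
    return hmac.compare_digest(candidate, expected)


def check_login(cfg_text, user, password):
    """Look up `user` in the hypothetical [users] section and verify the password."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    stored = cfg.get("users", user, fallback=None)
    if stored is None:
        # Do comparable work for unknown users so response time does not reveal them
        verify_password(password, hash_password("dummy"))
        return False
    return verify_password(password, stored)


# Constructed sample config: one hashed entry and one leftover plaintext entry
SAMPLE_CFG = "[users]\nadmin = " + hash_password("correct horse") + "\nlegacy = plaintextpw\n"

if __name__ == "__main__":
    print(check_login(SAMPLE_CFG, "admin", "correct horse"))
```

A leftover plaintext entry such as `legacy` fails verification rather than being matched as-is, so migrating a config means rehashing every entry.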