Bernanahan pointed out the Reflection() thing may break down in large code bases simply because it does force you to put a lot of junk in the header which = lots of recompiling. Yeah, that's the biggest problem with all template magic junk, it might be crippling on game engines. My apps still take just a few seconds to compile so I'm not sweating. Also if you're really gonna use Reflection to define user-editable values you probably want ranges & descriptions and lots of other metadata. Of course you can do this in the Reflection system but it starts to get ugly and the pros & cons swing more towards a custom markup & parser system.
Sholz wrote about my security ramblings. I'm a total newb on this stuff, I just figured out how to hook & scrape to get the info I need. Anyway, he's more in on the whole rootkit and anti-rootkit crowd which is a big field I guess. All the anti-rootkit people basically know that Windoze is hopelessly insecure, so the thing they do is scan for hooks & patches, and/or take measure to prevent them from getting installed. So then it becomes a war of getting around each others' blocks & hiding from each other. It's quite impossible to make a Windoze box secure - all you can do is make it secure from current known attacks, and make it difficult to write new attacks that aren't blocked/detected. (this is assuming the attack is invoked by running a user process - it's possible in theory to block all remote attacks if all your interface software is written well and bug free).