Another problem is that the socket (Sox) doesn't support giving the IP of the client... this can probably be fixed without too much hassle but the reason I worry about this is that it could prevent IP banning.
Everybody I've seen seems to have a dynamic IP. IP banning, then, is useless... unless you're banning a range, which might hurt other players in the same area if there are any. Perhaps banning the account would work, if they required manual activation and/or a unique email address and confirmation. This would keep some users out who just want to be stupid, and would allow you to restrict who joins and who doesn't, in a way, as you could just refuse to activate them if you knew it was them (Reusing the same password or a similar username, for example).