
I've seen this page before but actually thought it to be fairly basic. What about topics such as moving wp-config.php outside of public_html, renaming the wp-admin folder, and Automattic's position on some of the various 3rd-party security plugins?

One thing I don't understand is why I can't access the admin over SSL if the WordPress domain isn't the Apache SSL domain. For example, I can't go to https://example.com/domains/mydomain.com/wp-admin/ without getting a failed redirect. This is a major annoyance, as I can't set up another SSL site on the server without leasing another IP.



Moving wp-config.php outside of the public html folder is easy. Just do it. WordPress checks the main root level and one level above for it automatically. No configuration needed.

Renaming wp-admin is not currently possible. This is slated for future versions though.

And the reason WordPress doesn't use relative URLs is because it uses a rewrite system for most of the site. With the permalink system, most of the URLs don't actually exist as real directories, but are simply indicators to tell WordPress what sort of things you're looking for. Now, I grant you that this is not the case for the admin side of things, which uses direct links to files and the like. Those links there, however, are relative.

However, the reason the admin redirects to the right URL is because of the secure cookie handling. Cookies in WordPress are carefully controlled as to which URLs they are sent to, they're not just indiscriminately sent to the whole site. If you're using SSL Login and Admin, then the login cookies are only sent to the SSL side of things, and only to requests in the admin directories, etc. Other cookies are sent to the normal non-SSL side, which will identify you for login purposes, but not allow you administrative access. All this careful cookie handling means that the correct domain must be present for everything to work. It can't work through some other domain that it doesn't know about.
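To make the cookie scoping in the comment above concrete, here is an added example (not from the thread, and not WordPress's own code): a constructed cookie jar with an admin-only Secure cookie and a site-wide logged-in cookie, plus a simplified RFC 6265 matcher that decides which cookies a browser would attach to a request. The cookie names, hostnames and paths are constructed; it shows why the https://example.com/domains/mydomain.com/wp-admin/ URL from the question arrives with no login cookies at all.

```python
"""Model of scoped login cookies: which ones a browser sends to which URL."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str   # host the cookie was set for (host-only cookie)
    path: str     # Path attribute
    secure: bool  # Secure attribute: only sent over https


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match (simplified, no %-decoding)."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # "/wp-admin" matches "/wp-admin/x" but not "/wp-admin-other"
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_sent(jar: list, url: str) -> set:
    """Names of the cookies a browser would attach to a request for `url`."""
    parts = urlsplit(url)
    request_path = parts.path or "/"
    sent = set()
    for c in jar:
        if c.domain != parts.hostname:            # host-only cookie: exact host match
            continue
        if c.secure and parts.scheme != "https":  # Secure cookies never go over http
            continue
        if path_matches(c.path, request_path):
            sent.add(c.name)
    return sent


# Constructed jar mirroring the comment: admin auth cookie is SSL-only and
# admin-path-only; the logged-in cookie covers the whole site over any scheme.
WP_HOST = "mydomain.com"  # constructed hostname
JAR = [
    Cookie("admin_auth", WP_HOST, "/wp-admin", secure=True),
    Cookie("logged_in", WP_HOST, "/", secure=False),
]

if __name__ == "__main__":
    for url in ("https://mydomain.com/wp-admin/",
                "http://mydomain.com/wp-admin/",
                "https://example.com/domains/mydomain.com/wp-admin/"):
        print(url, "->", sorted(cookies_sent(JAR, url)))
```

Over plain http the admin cookie is withheld, so WordPress only sees the logged-in cookie and redirects to the SSL admin URL it knows; through a different hostname neither cookie is sent.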


Moving wp-config.php out of public_html is mentioned on that page, section 9. I think renaming the wp-admin would probably break more than it protects.

Not sure on the second question.


Don't get me wrong, I love WordPress. And I can't stand Joomla. But Joomla works completely off relative URLs so it doesn't have to know its location. The links work no matter what domain you put it on. You can access the CMS through example.com/~myusername/domains/joomladomain/ or myusername.example.com/domains/joomladomain/ or joomladomain.com/ and it will work fine every way. Which means SSL will work without a dedicated IP address. This would be awesome.



