Limiting a eB Web Application for public Use.

We are wanting to create a web application that is safe to deploy in the DMZ.  The main use will be so that predifined quicklinks will be able to access a set document class.  We have done the following to make the web application more secure in the DMZ.

1. We have set the web config to AutoLogin in with a defined user that only has access to view the set document class.
2. We have removed all of the eb.PlugIn references except the following
3.         <add class="eB.PlugIn.DocumentManager.PlugIn" assembly="eB.PlugIn.DocumentManager" />
           <add class="eB.PlugIn.CoreObjects.PlugIn" assembly="eB.PlugIn.CoreObjects" />
           <add class="eB.PlugIn.Core.PlugIn" assembly="eB.PlugIn.Core" />
           <add class="eB.PlugIn.QuickLink.PlugIn" assembly="eB.PlugIn.QuickLink" />
4. We have deleted the Login.aspx page
5. We have deleted delete.aspx from …\PlugIns\DocumentManager\Shared

What else can we do to the web application to make it more secure?

I also had the following questions about the quicklink output.

1. Is it possible to keep the Actions Frame from even displaying when using a quicklink or a web application?
2. If 1 is not possible it possible to remove the action items in Red from displaying in the Actions Frame of a web application.
3. If 2 is not possible is it possible to limit the functionality highlighted in red from being possible through permissions and security.  The one that I am having difficulty limiting is "Add Note".

Thanks for your help in advance.