Regarding item 4, seriously, does everything these days have to have a web interface? It just increases the attack surface. Adding a web interface means one more thing to protect against hackers, which means writing rules for the WAF or adding something else for fail2ban or sshguard to watch.
Most services have a "reload" and "restart" in the service command. It really isn't a burden to use them. The burden is to have yet another means to restart the service. Personally, I viewed the XML setup as a feature since it is self documenting. My preference would be for better sqlite support. That is add and delete users from sqlite3 rather than mysql.