About that "read-only" switch for Solr: one of the basic HTTP design guidelines is that GET should only return values, and should never change the state of the data. All changes to the data should be made with POST. (In REST style guidelines, PUT, POST, and DELETE.) This prevents you from passing around URLs in email that can destroy the index. The first role of security is to prevent accidents.
I would suggest two layers of "read-only" switch. 1) Open the Lucene index in read-only mode. 2) Allow only search servers to accept GET requests. Lance