It would be nice to be able to specify in the ini file if the application should run as an alternate user. While this wouldn't benefit the application when being run as a non-root user, I would imagine that most people running this in a server environment are doing so as a daemon type process.
So just as Apache starts as root, but then often changes it's process user id to that of www-data or nobody, perhaps similar functionality can be obtained here using os.setuid/setgid based on some configuration settings the app:main section of the ini file.
I'd be happy to work on a pull request for this if desired. My company is moving to using this application and this will be installed on a dedicated developer server. I plan on implementing this as a daemon process served through an Apache Reverse Proxy, but need to ensure it is running as the locally created 'hg' user, not as root or another user on the system (which are all AD users using Likewise).