This is a topic that's come up before (here, here and here), but I've just been digging in to this and thought I'd bring it up once more.
Basically, it would be very desirable from a developer convenience and security perspective if Shopify could pass along the ID of any authenticated customer when proxying application requests. I've written up a detailed post on how I'm currently handling authentication, and its drawbacks here: Securing customer pages with a Shopify app proxy.
Would love to see a Shopify Dev chime in here with some feedback.
Author of http://gavinballard.com/mastering-shopify-themes/ and http://bootstrapforshopify.com.