The "Collection of currently loaded collections" needs to have a name, a class with methods, etc.
Same goes for "The collection which has a collection and a subscription and a transport info"
The way that topics are being used for saving events is confusing. A lot of it can be replaced by simple method dispatching
Complete transition to Dojo-based package management. Move all code to appropriate and sensible homes within the code
Move to static css. Get rid of dynamic styling as much as possible.
Make page resizing craziness work correctly
Only resize calendar on page resize
Work with PPD on edge cases (very small, very big)
Move all pages (pim, admin, etc) to unified page layout (right now, we have separate logic for creating the admin page nav bar and the pim nav bar).
Shore up CMP security situation:
Don't store password in a cookie (duh). Instead, store something that will allow us to get the password given either a) a time-based nonce from the server side or b) some details about the user's current execution environment that XSS attackers could not grab
Only store password in cookie between page loads using window.onunload. This should guard against XSS attacks.
Shore up security on server side? Right now, once we figure out the password on the client side, we send the password in plain text (cause it's Basic auth). Could we avoid this?