Good point about needing just one delegate to secure a bogus transaction.
I'm not disagreeing with your approach, However this is still more of an ad-hoc solution. My point is that it is hard to update people's clients, so try not to embed that functionality in the main client itself. Instead - open up the RPC, so that a delegate can choose a plugin, and switch between them if needed.
That way you can launch, but delegates can pick a strategy after BTSX has launched. And best of all you would be very flexible. I wouldn't mind developing plugins delegates can use. I already have code that continuously scrapes and saves feeds.
I was proposing a python script as a solution, as it requires a minimal installation and is mostly platform independent. Writing/editing/updating plugins would then be very easy.
The other nice thing about a python plug in (or any script you like) is that it is mostly readable, so it's going to be hard to sneak in malicious code.