Probably the most major difference is that the ColdBoxProxy skips parts of the ColdBox lifecyle.
http://wiki.coldbox.org/wiki/RequestLifecycles.cfm
Outside of that, you are correct, you could create a proxy API either way.
Curt Gratz
Computer Know How
It seems clear that no solution is going to please everyone, so I
guess that means the framework shouldn't build in anything.
I do think that means that the default behavior in this regard should
be documented, with some possible alternative strategies described.
I know what I'm going to do for real apps -- Den's solution, with no
cfms or cfcs except Application.cfc and index.cfm in the web root.
It's simple and clean, with virtually no risk or overhead. It does
require some web server setup, a mapping, and a split my source code
that I haven't done before, but that's the trade-off I choose to make.
I think. Will know for sure when I have time to actually implement it
and see how it goes.
And I guess that's the point, that everyone can handle this however
they choose, once they're aware of it. For some reason I expected the
framework to manage this core bit of security, but I'm good with it
just being mentioned as a possible concern.
Dave
You can do this with application specific mappings.
If you have access to dirs below web root, you can point app specific mappings to it with a relative exandPath()
Mark
@Den: Do you have to do anything special for ColdBox to auto-discover
the stuff in your src directory? Or are you just pointing all your
conventions to dirs inside there?
@Mark: What "this" were you saying could be done with app-specific mappings?
Dave
I was talking about storing your files off the web root, and being able to access them via an app specific mapping.
Make more sense?
Mark
In general, I like to explicitly point my conventions where they need
to go. While in development these are mappings, but when I go to
production, the sources from the mappings are compiled and placed in
the WAR. Not that I need that kind of optimization, but it's fun
anyways. =)
I've got a cfdistro (cfdistro is the tool I use to build/deploy CFML
projects- bunch of ant scripts mostly) ColdBox example deal I've been
meaning to publish for a while now, which I thought I'd get out last
week, but I ended up playing with CFEclipse code instead. Maybe this
week! 
If I do get it out, I'll holler here, as it is an example of much of
the stuff I was talking about.
:Den
Awesome!!!
Maybe also an entry on forgebox: www.coldbox.org/forgebox
Luis F. Majano
President
Ortus Solutions, Corp
ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com
if it is on forgebox, anybody can install it from their ColdFusion Builder or vanilla coldbox templates via the forgebox module.
Luis F. Majano
President
Ortus Solutions, Corp
ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com
That is slick as snot! I'll surely give it a go. =)
:Den
JE, never heard that reference before, but it surely almost got some real snot out of my nose.
Luis F. Majano
President
Ortus Solutions, Corp
ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com