Not really happy about commiting this as I fear it could be used against a site maybe.
In any case Id like to see a fully optional setting rather that the str_replace getting run on every single featured link.
Its a good idea, and I hope it helps others Incedentally I recall a IRC conversation relating to similar similar but using a iframe on a wiki page and called require_once('tiki-setup.php'); to get the $user available in that script.
Id favour this second method personally. as I think its more secure for both tiki and your called script.