I like the idea, Magnus... though personally I suspect IPs by default, and found myself wishing for a way (other than convincing them to log in) to make the (seemingly about half) 'good' IPs not show up on 'hide logged-in users' RC.
So working off that, I'd say a three-state setup: default, suspect, trusted. Sysops start out trusted, everyone else at default. Recent Vandalisms (Recent Suspect Changes? We do need a better name...) would list all non-trusted IPs and all suspect logged-in users.
Just my thoughts.
-- Jake