But maybe I'm missing part of the picture?!
Yup, you are!
Ah, it is now dawning on me that your concern are pages on the toolserver which the user could be lured to over the reverse proxy address. Well, you are right, we can construct a potential treat from that. But I wonder whether this has enought impact to really harm wikipedia. Don't you think this would be discovered fairly quick? What about limiting the reverse proxying to a number of trustworthy users? For example I'd give Magnus Manske or Gregory Maxwell my login credentials anytime (I'd give them to me as well if I didn't already have them ;-) ).