Hi Chris,
I like the idea in general, in particular the fact that only "established" editors can ask for the tokens. What I don't get is why this proxy should be run by someone that is not the WMF, given - I guess - it would be exposed as a TOR hidden service, which will mask effectively the user IP from us, and will secure his communication from snooping by exit node managers, and so on.
I guess the righteously traffic on such a proxy would be so low (as getting a token is /not/ going to be automated/immediate even for logged in users) that it could work without using up a lot of resources.
Cheers,
Giuseppe