Read only View Mode
Implement a mode disabling administrative features that can be used to power displays and other monitoring services. Not sure if this is possible using standard Linux user permissions or if the app needs to be locked down itself. It should be considered a security risk to have a privileged session running unattended.
In addition to the login option (log-in as read-only) there should be a dashboard mode designed for hands-free operation-- that is, it cycles through different servers and stats, or cycles through different server-specific pages with active monitoring graphs.
This could be implemented as a locked down, separate service instead of rolled into the main Cockpit service. This way, administrators could just install (or configure) a read-only version and not worry about a potential attack vector.