[Hampshire] Locking down a gnome machine

Author: Peter Brooks
To: Hampshire LUG Discussion List
Subject: [Hampshire] Locking down a gnome machine
Hello all,
Over the past few days I've done a fresh install of Gentoo 2006.1 with
gnome-light installed and the main purpose of providing a locked down
machine for users.
The machine in question is in use at a Student Radio Station; it's
their studio PC that they read messages on and have access to music
utilities.

So far I've locked down a lot of things such as access to ttys,
restarting X and used pessulus to help me along with gconf.

I've also (thanks to dg) removed access to the terminal by the user by
the use of the lines:
if [ "/bin/rbash" = "$SHELL" ]; then export PATH=""; fi
if [ "${TTY/vc}" != "${TTY}" ]; then exit; fi
if [ ! "${pts}" ]; then exit; fi

in .bashrc and
if [ "${TTY/vc}" != "${TTY}" ]; then exit; fi

in .bash_profile


This has allowed the user to still log into gnome and any attempt to
launch a terminal instantly closes it. I have also removed xterm &
gnome-terminal and hard masked them (this might be removed now that
terminals close themselves).

Firstly I'd like to ask if anyone can see any holes in my security
config and then I'm asking for any more recommendations to lock down
the machine.

One loophole I can see is that a user can create launchers still,
hence they can create launchers and launch programs. One thought of
mine around this is to change ownership of Desktop to root and stop
them modifying the desktop.
Though it's a bit rough.

Another thing I'd like to disable is the ability to edit the
applications menu, but a user can still right click on the main menu
and select edit menu.

Cheers for reading my paranoia.
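
The lockdown described in the message depends on .bashrc, .bash_profile and (as proposed there) Desktop not being changeable by the restricted user. The script below is an added example, not part of the original message: it audits ownership and write bits on those three items. The function name audit_lockdown and its arguments are hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the lockdown relies on.
# audit_lockdown and its arguments are hypothetical names; assumes GNU coreutils stat.
# It checks the items only; the directory that holds them needs the same review.

# audit_lockdown HOME_DIR RESTRICTED_USER
# Prints one finding per problem; returns 0 only when there are none.
audit_lockdown() {
    home=$1; user=$2; findings=0
    for item in .bashrc .bash_profile Desktop; do
        path="$home/$item"
        if [ ! -e "$path" ]; then
            echo "MISSING    $path"
            findings=$((findings + 1))
            continue
        fi
        owner=$(stat -c '%U' "$path")
        mode=$(stat -c '%a' "$path")
        # The restricted user must not own the item (the owner can always chmod it).
        if [ "$owner" = "$user" ]; then
            echo "USER-OWNED $path (owner $owner)"
            findings=$((findings + 1))
        fi
        # No group or other write bits (octal 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE   $path (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: a throwaway home directory owned by whoever runs the script.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/.bashrc" "$tmp/.bash_profile"
    mkdir "$tmp/Desktop"
    chmod 644 "$tmp/.bashrc" "$tmp/.bash_profile"
    chmod 755 "$tmp/Desktop"
    audit_lockdown "$tmp" "$(stat -c '%U' "$tmp")" || echo "lockdown files need fixing"
    rm -rf "$tmp"
}
demo
```

On the real machine it would be run as root against the restricted account's home directory and login name.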