We've evaluated the situation and decided to implement logout due to inactivity. Security trumps laziness Grin
We're coding it in as I write this and it should be live today after extensive testing.
Solution: make it configurable up to a certain extent, with a tight default session length.