Thank you kindly, StrawberryFride for a patch that:

Enable users to enable only selected methods out of the 
available set of remote methods to restrict remote 
functionality to less harmful methods, such as 
admin_broadcast, or admin_region_query.

OpenSim/ApplicationPlugins/RemoteController/RemoteAdminPlugin.cs

@@ -40,6 +40,7 @@ using OpenSim.Framework.Servers;
 using OpenSim.Region.Environment.Interfaces;
 using OpenSim.Region.Environment.Modules.World.Terrain;
 using OpenSim.Region.Environment.Scenes;
+using System.Collections.Generic;
 
 namespace OpenSim.ApplicationPlugins.RemoteController
 {
@@ -86,22 +87,42 @@ namespace OpenSim.ApplicationPlugins.RemoteController
                     m_app = openSim;
                     m_httpd = openSim.HttpServer;                    
 
-                    m_httpd.AddXmlRPCHandler("admin_create_region", XmlRpcCreateRegionMethod, false);
+                    Dictionary<string, XmlRpcMethod> availableMethods = new Dictionary<string, XmlRpcMethod>();
-                    m_httpd.AddXmlRPCHandler("admin_delete_region", XmlRpcDeleteRegionMethod, false);
+                    availableMethods["admin_create_region"] = XmlRpcCreateRegionMethod;
-                    m_httpd.AddXmlRPCHandler("admin_shutdown", XmlRpcShutdownMethod, false);
+                    availableMethods["admin_delete_region"] = XmlRpcDeleteRegionMethod;
-                    m_httpd.AddXmlRPCHandler("admin_broadcast", XmlRpcAlertMethod, false);
+                    availableMethods["admin_shutdown"] = XmlRpcShutdownMethod;
-                    m_httpd.AddXmlRPCHandler("admin_restart", XmlRpcRestartMethod, false);
+                    availableMethods["admin_broadcast"] = XmlRpcAlertMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_heightmap", XmlRpcLoadHeightmapMethod, false);
+                    availableMethods["admin_restart"] = XmlRpcRestartMethod;
-                    m_httpd.AddXmlRPCHandler("admin_create_user", XmlRpcCreateUserMethod, false);
+                    availableMethods["admin_load_heightmap"] = XmlRpcLoadHeightmapMethod;
-                    //This handler creates a user with a email, 
+                    availableMethods["admin_create_user"] = XmlRpcCreateUserMethod;
-                    m_httpd.AddXmlRPCHandler("admin_create_user_email", XmlRpcCreateUserMethodEmail, false);
+                    availableMethods["admin_create_user_email"] = XmlRpcCreateUserMethodEmail;
-                    m_httpd.AddXmlRPCHandler("admin_exists_user", XmlRpcUserExistsMethod, false);
+                    availableMethods["admin_exists_user"] = XmlRpcUserExistsMethod;
-                    m_httpd.AddXmlRPCHandler("admin_update_user", XmlRpcUpdateUserAccountMethod, false);
+                    availableMethods["admin_update_user"] = XmlRpcUpdateUserAccountMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_xml", XmlRpcLoadXMLMethod, false);
+                    availableMethods["admin_load_xml"] = XmlRpcLoadXMLMethod;
-                    m_httpd.AddXmlRPCHandler("admin_save_xml", XmlRpcSaveXMLMethod, false);
+                    availableMethods["admin_save_xml"] = XmlRpcSaveXMLMethod;
-                    m_httpd.AddXmlRPCHandler("admin_load_oar", XmlRpcLoadOARMethod, false);
+                    availableMethods["admin_load_oar"] = XmlRpcLoadOARMethod;
-                    m_httpd.AddXmlRPCHandler("admin_save_oar", XmlRpcSaveOARMethod, false);
+                    availableMethods["admin_save_oar"] = XmlRpcSaveOARMethod;
-                    m_httpd.AddXmlRPCHandler("admin_region_query", XmlRpcRegionQueryMethod, false);
+                    availableMethods["admin_region_query"] = XmlRpcRegionQueryMethod;
+
+                    // Either enable full remote functionality or just selected features                    
+                    string enabledMethods = m_config.GetString("enabled_methods", "all");
+
+                    // The assumption here is that simply enabling Remote Admin as before will produce the same
+                    // behavior - enable all methods unless the whitelist is in place for backward-compatibility.
+                    if (enabledMethods.ToLower() == "all" || String.IsNullOrEmpty(enabledMethods))
+                    {
+                        foreach (string method in availableMethods.Keys)
+                        {
+                            m_httpd.AddXmlRPCHandler(method, availableMethods[method]);
+                        }
+                    }
+                    else
+                    {
+                        foreach (string enabledMethod in enabledMethods.Split('|'))
+                        {
+                            m_httpd.AddXmlRPCHandler(enabledMethod, availableMethods[enabledMethod]);
+                        }
+                    }
                 }
             }
             catch (NullReferenceException)
@@ -1354,10 +1375,10 @@ namespace OpenSim.ApplicationPlugins.RemoteController
             }
             catch (Exception e)
             {
-                m_log.InfoFormat("[RADMIN] LoadXml: {0}", e.Message);
+                m_log.InfoFormat("[RADMIN] SaveXml: {0}", e.Message);
-                m_log.DebugFormat("[RADMIN] LoadXml: {0}", e.ToString());
+                m_log.DebugFormat("[RADMIN] SaveXml: {0}", e.ToString());
 
-                responseData["loaded"] = "false";
+                responseData["saved"] = "false";
                 responseData["switched"] = "false";
                 responseData["error"] = e.Message;