I would to suggest a feature which would enable the randomisation of the install directory for the VM install scripts, so that scripts like phpmyadmin would be installed for example:
I know this is security by obscurity, however as I am sure you are aware this would instantly mitigate robots and script kiddies which perform probes against the base domain. Greatly reducing the attack surface from automated attacks.
Using a program like pwgen with up to 14 alpha-num characters would be good.
As an administrator, it would be preferred to force this randomisation option so that it could not be disabled or overriden by the domain administrators at install time.
I would have no problem explaining to my users that this was a security measure to prevent attack. And my users would accept this.
What do you think? Doable?