Here's an interesting approach to application security from F5 Networks using their Big IP device (which was insanely expensive last time I checked):
http://www.f5.com/solutions/technology/securing_enterprise_wp.html?CMP=KNC-GoogSiteNtwk&gclid=CLuEguDO2IsCFQQRYwodll4haw
The only issue I see here is more complicated application testing and debugging. It will be harder to pinpoint errors.
I haven't thought it totally through and it's late but seems like this is a network device and should focus on network issues.
The concept of what they are doing should be done by every application however and perhaps and application framework is best suited for these things. Perhaps you could use a combination but I worry about the maintenance consequences of this.