I think, web applications are already a security nightmare, even without people thinking further outside the box than web developers already do on a daily basis.
So my answer woud be: no! 
That said, to be honest, I’m not entirely sure what you mean by (B). Why not give a few concrete examples of what you’re actually trying to achieve? That way, maybe some of the developers here can offer some ideas on how it could realistically be implemeted, while still keeping the IT managers happy.