adds some notes

src/Umbraco.Core/Services/MemberService.cs

@@ -867,6 +867,10 @@ namespace Umbraco.Core.Services
         /// <returns><see cref="IMember"/></returns>
         public IMember GetByUsername(string username)
         {
+            //TODO: Somewhere in here, whether at this level or the repository level, we need to add 
+            // a caching mechanism since this method is used by all the membership providers and could be
+            // called quite a bit when dealing with members.
+
             var uow = _uowProvider.GetUnitOfWork();
             using (var repository = _repositoryFactory.CreateMemberRepository(uow))
             {

src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs

@@ -3,7 +3,7 @@ using System.Linq;
 using System.Threading;
 using System.Globalization;
 using System.IO;
-
+using System.Web.Security;
 using Umbraco.Core;
 using Umbraco.Core.Configuration;
 using Umbraco.Core.IO;
@@ -518,6 +518,11 @@ namespace Umbraco.Web.Routing
 			{
 				LogHelper.Debug<PublishedContentRequestEngine>("{0}Page is protected, check for access", () => tracePrefix);
 
+                //TODO: We coud speed this up, the only reason we are looking up the members is for it's
+                // ProviderUserKey (id). We could store this id in the FormsAuth cookie custom data when 
+                // a member logs in. Then we can check if the value exists and just use that, otherwise lookup 
+                // the member like we are currently doing.
+
 				System.Web.Security.MembershipUser user = null;
 				try
 				{