It's still slightly problematic for me. To prevent the re-activation of DMA, I have to disable the Guest account. Unfortunately, this also disables the "Find My iPhone" application. I would like to have both. Is there a way to have the Guest account, but not let people log into it when the machine is locked?
EDIT: Got it. It reactivates the Guest user when you turn on the "Find My" feature, but you can deactivate Guest user afterwards.
Note that this isn't necessary. If you have full disk encryption enabled, the machine will reboot (to a limited OS) when the Guest account is requested.
For Firewire. What about for Thunderbolt?