strings ScreenSaverEngine | grep "^-" you'll see an option called -idleCheck. All you have to do is modify your global system crontab(BACKUP FIRST!!): sudo vi /private/etc/crontab to execute the ScreenSaverEngine with the -idleCheck switch every 1 mins or some divisor of the total number of minutes your screensaver is set to activate _on_your_root_account (activate root, login, setup screensaver, logout, deactivate root).
Now after the activate timeout, your locked screen will display the screensaver in front of the Login Window. Pretty cool, huh? I don't think this will compromise security, but some of you others more knowledgeable of the Core Services and such will have to let me know.
[robg adds: I haven't tested this one, as my root account isn't enabled, and I have no intention of enabling it...]

