This is the kind of thing that makes server-side js more compelling - bridging the language gap between the client and the server.<p>This particular approach seems to have some security implications though. What's to prevent a client from sending malicious code to the server?