@musicman @geniusmusing That’s mostly #Node.js, which is a somewhat outdated fork of Chrome’s V8 engine. Considering that the browser is the least secure part of modern computers, and the #JavaScript engine is a key part of that insecurity, it is up to each person to decide whether to accept the risk.
Personally, I’m willing to accept Node, but only in a completely separate VM or VPS from other server-side software. Which explains why I never have hosted a Pump.io instance.