Absolutely. But is unexpected for me at least. But thinking of it, maybe you can log everything and if something bad happens you can blame the origin IP who ever that is. You can also ratelimit the outbound conections to avoid abuses etc. Is not like an open wifi where the client doesnt leave any trace at all. But in the shell account days IIRC you had to register with your name/email etc to use the service, that provided internet access. Maybe that didn't imply any safety either.
Here's an example: https://repl.it/repls/RustyInsecureEngines. I don't have any previous examples that I can find, as I don't usually use it while logged in. Essentially, I use it to help customers out when they're having issues integrating my API product. Real easy to create a repl and send them a link.
Didn't notice you were the founder, nice. I'll check out the link.
Semi-related:
I've been wanting to give my customers the ability to write/deploy their own webhook handlers, because that's a big roadblock for those that don't have any web/server experience.
Been thinking it'd be cool to embed a repl for that (with a "starter" handler per-language), to handle editing/deployment, but I haven't dug too much into that to see if it'd be possible.
Been meaning to reach out to your team but I keep putting it off. Like I said, love your platform and been fun watching you grow. :)