
Erm why? https, password protected interface to an ssh webapp?



I see two major flaws with this approach. First, it's invasive. You have to open an additional hole in your network to allow traffic into the app, which makes your network inherently less secure. Second, unless you do an audit of the source, there are no guarantees as to the security of the app itself. This app of unknown reliability would be acting as a 24/7 gatekeeper into your network.

You could hide it behind a VPN, I guess, but that kinda defeats the purpose of secure shell.


#2 also applies to a locally installed SSH app.


Not really. OpenSSH is a battle-tested ssh server. You can be reasonably sure that opening it to the world will not compromise your network. Not so of this ajax ssh app. Basically it's a question of exposure. Am I comfortable exposing OpenSSH? Yes. Ajax ssh app? No way. Not without further testing and widespread acceptance.


Yes, really. Your statement was:

"Second, unless you do an audit of the source, there are no guarantees as to the security of the app itself."

That applies to OpenSSH. Yes, you can trust it more as many other people use it. Are there guarantees (your words, not mine) as to its security? No.

With OpenSSH's recent fuckups, it's a good time to keep that in mind.



