tramp doesn't require running anything on the remote server, it's more like using sshfs.

But if you find an exploit that will run by simply editing a file in emacs, you could put that file on the server and

Yeah, I know. I'm not talking about tramp. What I'm saying is that you could do precisely the same thing vscode does, probably without adding any new code to emacs, as long as the client and server architectures matched. The client would just send its own elisp interpreter across the wire and run it, giving itself a remote repl you could have it run anything in.

That would, of course, be just as terrible an idea as when vscode does it.