From a security perspective, this description scares me a little. There is a big difference from code executing in a trusted environment vs code executing in an untrusted environment. Not sure a clear approach on the "correct" way to manage this issue has come out from these cross platform products.
Edit: Note, this is a double edge sword (do I as a user trust the code dynamically loaded at run time?) but I was referring to it from the perspective of the operator (what methods executed must be correct and can't risk being modified in execution).
I don't think it's so bad if you have a clean server side API that enforces your business rules. The application code can then be run anywhere.
I assume you'd write code for client side execution (i.e. don't fetch unneeded data, reduce round trips) and get the the server side excecution and a battle tested public API for free.
This seems similar to the approach Parse is promoting with their service.
Edit: Note, this is a double edge sword (do I as a user trust the code dynamically loaded at run time?) but I was referring to it from the perspective of the operator (what methods executed must be correct and can't risk being modified in execution).