Adding node.js and react on the user interface may open up security issues
If it's not running in a sandbox, I'm worried about issues like these: http://arstechnica.com/security/2016/04/noscript-and-other-p...
Plus it's not open source so we can't check for vulnerabilities.