I wonder if WebAssembly could help accomplish that.
Still, even Rust has a compile-and-execute web service call accessible from the rust-lang home page. If Rust people (who tend to emphasize security) feel it is possible to secure that web service, then I'm inclined to believe them. It may be difficult though.
Actually I think the Rust folks would appreciate any feedback on the security of the service, as long as you don't DoS it or use it to do anything bad. :-)
> "He needs to be running a client-side service, not running whatever someone enters on his machine"
I would say that for the most part, websites such as this don't actually need a real, full-blown %s-lang compiler/VM that actually executes real code on a backend server. It would be enough to tokenize and parse things on the client's side and validate ABNF via JS. This would reduce the costs involved with running such a website, and the attack surface. If you want to get fancy, you could host an in-browser Python VM - but that's overkill for a website such as this. Also, they're trying to support a fair number of languages here, not all of which have browser-targeted tooling that could compile and run the code.
Then you end up with a system where someone can arrive at the right answer via an AST that you didn't expect, which was a frustration when I helped students with a service like (IIRC) Codecademy.