Wait, web sockets? Why not regular old sockets? Why not restrict it to Unix domain sockets so that only authorized users can talk to the iTerm instance?
Controlling my terminal emulators through a browser is like managing processes with Doom: something that, while interesting and certainly shouldn't be precluded, I am unable to think of a use case where I would actually do it. Making web sockets the scripting interface for a program that in most cases you do NOT want to actually expose to the web a) makes no sense; b) is a security incident waiting to happen.