How complex would it be to execute a javascript function callback against each published document on the hub instead of a query and return the document to the subscriber if the function returns true?
Not hard at all. We actually had that in early versions but removed it because it's really hard to optimize against functions, and you easily break the hub by injecting long running loops.
Plus queries are the power of pubsub.io. Queries can be indexed and compiled on the fly, so hubs scale very well.
If you really need funcions, you can fork the project and I can point you to how to add them.
I'd love to see functions too, and am not sure your concerns are necessarily dealbreakers. Optimization should be easier if you use something like node-burrito for the low hanging fruit, and node.js developers are already aware that long synchronous loops should be avoided in a single-threaded environment.
I think you convinced us to give functions a second look, as long as we can have a good story for auth, i can't see why we shouldn't add them, given the right optimizations are in place. They could be very powerful. https://github.com/pubsubio/pubsub-hub/issues/3