Its no different doing it with a web-interface than if he was to just give them ssh access to his server. Permissions can be set, and chances are if someone does get in and do something stupid, it takes what? like half an hour to re-install and set everything back up.

This happens too much on this board. People post asking for help on a topic and everyone trys pulling out every possible flaw. Everything single thing about computer is un-safe in some way. Its just like smoking. We know it kills but most of us still do it.

I would say the idea is a good one, I have been working on the same thing for my site.
This is how I do it so far.

First people must login to a secure part of the site which was setup in my httpd.conf file (I use a secure folder to place my scripts in so theres a bit more security).

After that Users must login to the system from the java script. Once in they have limitted permissions. They can ftp, use lynx, and setup a webpage, plus some of the basic commands are available to them.

The only down side I see, (without getting into security) is the extra load required for the web server to run. By apache can be cut down to run faster if only being used for this script.

You can even set it so they can only do certain things. (Example: one user only has access to edit his/her web files. So i set the shell to mc instead of /bin/bash /bin/mc or wherever it is on your linux distro) when the person logs in they are automatically thrown right into midnight commander. They can not edit/delete/move any files they do not have permisions to.

I also have it set to root can not login anywhere but from 127.0.0.1(localhost)