I was thinking of creating something that would allow running untrusted newLISP code (think serverless, function-as-a-service et c) as a CGI, only allowing to act on submittes post data and do calculations and spit out the result.
Now, with pledge() and newLISP running in a chroot already, the idea may some day come true.