> You just mount search engine, route planning tool, or even shopping site and echo commands into the ctl file.

I hadn't thought of this - was more thinking on the user union mounting, say, google.com/bin into their bin directory and running a google operation. The concept of just echoing into a ctl file is really interesting from a security perspective.

Right, in this case there is no remote code execution. Web users run all kinds of code they are unaware of today. It's a major problem.

It also helps to create a certain uniformity and expectation of how services should work.

Mounting a bin directory from some remote servers is a potential vector for malicious code and requires all services to provide binaries for all platforms (arm, x86, riscv,...). Instead, serving the source code and mkfile allows for audit ability (what did I just run?) and support for their own platform. Plan 9 compilers were designed not just to produce optimal code but also for speed of compilation.