Executing code safely
Being able to execute people's model code safely is very important if it is going to be shared. Cross-site scripting (XSS) is the problem. Fortunately there are quite well documented ways of preventing it. This is in part thanks to the popularity of sites like js-bin, js-fiddle, codepen etc., which have popularised sharing code in the browser.
It seems that the common way of preventing XSS is to execute the code in an iframe. To prevent the iframe from accessing the top-level window, it is served from a different domain. The browser effectively sandboxes this different-domain iframe for you. There is also a sandbox attribute on the iframe. This iframe is then used to generate a dynamic inner iframe that displays the results of the code. Messages can be passed using cross-domain messaging.
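The top-level page's side of this arrangement could look like the following. This is an added example, not code from the original page; the `runner.example` domain, the `{type, body}` message shape and all function names are assumptions.

```javascript
// Added example: the runner domain, message shape and names are assumptions.
const RUNNER_ORIGIN = "https://runner.example"; // placeholder second domain
const MAX_BODY = 64 * 1024; // constructed cap on the size of a result

// Build the outer iframe. sandbox="allow-scripts" lets the model code run but
// withholds allow-same-origin, allow-top-navigation, allow-forms and popups.
function createRunnerFrame(doc) {
  const frame = doc.createElement("iframe");
  frame.setAttribute("sandbox", "allow-scripts");
  frame.setAttribute("src", RUNNER_ORIGIN + "/run.html");
  return frame;
}

// Decide whether a "message" event really comes from our runner frame and
// carries a well-formed result. Returns a cleaned copy, or null to drop it.
function acceptMessage(event, frameWindow) {
  // Any window can post to us, so bind the message to the frame we created.
  if (event.source !== frameWindow) return null;
  // Without allow-same-origin the frame has an opaque origin, which the
  // browser reports as the string "null".
  if (event.origin !== RUNNER_ORIGIN && event.origin !== "null") return null;
  const d = event.data;
  if (d === null || typeof d !== "object") return null;
  if (d.type !== "result" && d.type !== "error") return null;
  if (typeof d.body !== "string" || d.body.length > MAX_BODY) return null;
  return { type: d.type, body: d.body }; // copy only the expected fields
}

// Wire the handler into the top-level page. Output is written with
// textContent, so markup sent by untrusted code is shown, not parsed.
function listenForResults(win, frame, outputEl) {
  win.addEventListener("message", (event) => {
    const msg = acceptMessage(event, frame.contentWindow);
    if (msg) outputEl.textContent = msg.body;
  });
}
```

Everything arriving from the frame is treated as untrusted input: the sandbox limits what the model code can reach, and the handler limits what its messages can do to the parent page.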
Running the CNC machine
GRBL still needs the G-code commands sent to it. This is done through a serial connection. There are so-called 'universal' G-code senders, but writing some code to send serial commands should be fairly trivial. There could just be a machine running node connected up to several machines, barking out commands. This machine checks and lists queued jobs on the MAKEIT database and can then select and run these jobs on the CNC machine.
Some downsides of using GRBL are that it's limited to the Atmega 328 chip, because of specific optimisations they have made. Although it is capable of making decent cuts, it maybe isn't powerful enough to take advantage of higher-end stepper drivers and motors, as it runs at a lower frequency. As it operates as a black box, theoretically it should be easy to replace with something better and more powerful later on, if needed.
The intention is for all the software to be open source. This means that anyone could download it and have their own personal design center. There will be a publicly available app to use hosted on makeit.co.uk and a MAKEIT workshop. What makes this accessible is that the design server, database and cache can either all be run on the same machine or on different machines. If the public app becomes mildly popular it might run several servers for each. The software is designed to run off two or even one Raspberry Pi just as much as several high-end servers. For each machine you download all the source code and choose what to run.