Just to clarify, security is dependent on the security of Blender itself (which AFAIK was not designed to handle REALLY untrusted data being rendered)? Or does bitwrk sanitize blends before rendering? If I can figure that out, I will gladly join the network as a provider of computing power.
It's a valid point. Python scripting is obviously disabled, but Blender is not engineered for security. I recommend running workers on dedicated hardware or in a VM. Additionally (or at least alternatively), create two dedicated user accounts: one for the BitWrk client, and one for the Blender slave.
Looking at how small BitWrk still is in terms of user base, chances of being attacked are very small, though.