I think you're missing the forest of his argument through the trees of the details you quote.
It's oftentimes really dangerous to expose the raw stdin/stdout to the web. The point is that this by default has none of the usual safeties associated with making a program web-accessible. It's dangerous.
This doesn't make it a bad tool. It just means you need to be aware of the downsides.
If he said, "it's dangerous to connect a non-Web-aware program to the Internet", I'd agree.
Except he didn't, he said, "Problem is that it requires that the app handle all the security aspects of talking to the Internet", which is not unique to applications using this daemon, or even to applications using WebSockets.
It's oftentimes really dangerous to expose the raw stdin/stdout to the web. The point is that this by default has none of the usual safeties associated with making a program web-accessible. It's dangerous.
This doesn't make it a bad tool. It just means you need to be aware of the downsides.