perhaps im missing your point but it seems if we are talking commercial Industrial Grade ISP web servers then they should have good sandboxing capabilitys and hence no cgi can ever take down the master machine that these virtual web servers are running inside.
for instance:
http://www.zeus.com/products/zws/dynamic.html
"
Secure CGI sandbox
Carefully engineered to minimize fork() overhead, ZWS provides the fastest, more scalable platform for CGI execution. Easy to configure CGI concurrency limits, scalable error logging, and secure
sandboxing prevent errant or untrustworthy programs monopolizing CPU resource or attempting security breaches."
hell, if they initalised the personal sandboxed cgi bin, you could run a simple (yet powerful) self contained rebol script 'web server' inside that, and totally ignore their external installed options, and never worry about bringing down any external app.
http://rebolweek.blogspot.com/
"Cheyenne
Dockimbel's Apache class webserver in
100Kb of REBOL code is now in beta, and being thrashed by beta testers in an attempt to weed out all the bugs.
Cheyenne offers fast-cgi REBOL scripting, and
is resistant to most all the classical web attacks, with 180 requests/second on the RSP test page on an AMD 3500+ processor.
Maxim has now started work on a Remark module. Look for a download url in the near future as the 1.0 release approaches. In the meantime, the RSP documentation is
available."
http://www.rebol.com/news/cheyenne.html
http://www.google.co.uk/search?hl=en...eb+server&meta=
and OC there is now work being done on real virtual PC servers that take the whole generic OS as a read only snap shot, and you mount a copy of that that as read/write and add your own binarys as you see fit , including web servers and all your personal wants if you so wish.and its all sandbox protected.
again, the whole thing can never effect the real IG ISP server hardware to such a degree that its noticed by other users on that hardware (unless they over subscribe that kit OC).