It seems that, one by one, the MBaaS players are realizing that in order to be "complete" solutions they need to offer the ability to execute arbitrary code on the server. You can see examples of this for Kinvey [1], Azure Mobile Services [2] and Cloudmine [3].
Of course, they all do is slightly differently, and there is generally more sandboxing than what you would expect from a traditional PaaS like Heroku. The danger is that by being more complete, they lose focus on their original mission: to bring powerful app-centric functionality to traditional client-side developers.
I have a solution: drop the normal VM-based servers and instead use WebRTC or some other peer technology so the client (browsers or whatever) talk to eachother directly.
Unworkable because of security you say? Add encryption.
I actually think that not too many years down the line this type of thing will be common.
Of course, they all do is slightly differently, and there is generally more sandboxing than what you would expect from a traditional PaaS like Heroku. The danger is that by being more complete, they lose focus on their original mission: to bring powerful app-centric functionality to traditional client-side developers.
[1]:http://devcenter.kinvey.com/nodejs/guides/business-logic
[2]:http://msdn.microsoft.com/en-us/library/windowsazure/jj55422...
[3]:https://cloudmine.me/docs/servercode/javascript