Take any other language with a web framework---Ruby with Rails, Java with Play/Spring, any web server which exposes a CGI interface, Python with Django/flask/whatever---and you will find a colossal amount of framework code behind the simple "hello, world!" demo.
Web apps are complex things, especially when the framework has to account for common cross-cutting concerns and patterns elegantly and succinctly. The fact that the JS ecosystem with NPM exposes that complexity to the user directly with an (albeit massive) node_modules installation isn't a strike against node per se: other languages have this code too, they just don't stash it all in the same folder as your project.
If you want to criticize the JS ecosystem, doing it on the basis of sheer SLOC downloaded by an `npm install` isn't too great.
We can talk about the quality of these packages, or about code review standards, or about the unique challenges auditing code from many sources for bugs and security problems. But talking about how the framework code gets installed seems counterproductive.
I wouldn't agree with that---media players are often fed untrusted content from the Internet, so a security issue in a shared media player API can be critical. See the Android StageFright vulnerability from a few years back.
Writing it in C for a marginal performance gain just isn't worth it.
I'm a student, mainly using GCP for hobby/hackathon projects, and to teach myself.
I am massively excited about Cloud Run's free tier---for someone with a budget of zero, being able to get a project off the ground and functional without paying through the nose if you forget to turn down some service is incredibly useful. Getting an unexpected $40 App Engine bill at the end of the month isn't fun.
I'm definitely going to check Cloud Run out as a go-to for future projects--it looks like a really good fit for my use case.
I mean really, what's the difference? They can access that file at any time they want anyhow---as long as they only send it to their server after user consent, I'm really failing to see a problem here. Making a copy of one file they can already access to another place they can also already access isn't really violating anyone's privacy. It's what they DO with the information that matters.
I'd say that the massive investment is necessary because of how uncomplicated this particular system is. Without a large, sprawling, and well-funded project backing it, a simple (and probably far more reliable) solution can lack credibility when compared to more complicated alternatives.
Wolfram Language uses almost this exact syntax—function application looks like f[x,y], but in all other respects, it works like a LISP would.