A simple way to make the arbitrary code execution a bit more secure is to hash it with a hidden value: if (hash(receivedCode+"MyRandomPhrase")==receivedHash) eval(receivedCode). There's already the sha256 implementation in Espruino that would handle that I guess.
If you ever did want to execute code off the SD, I wouldn't use require. I recently sorted out new Function() so it'll take arguments, so you can do: return (new Function("wifi", myCode))(wifi) which'll execute your code in its own scope, but with a variable called wifi.
For some things you might want to stream something to the output from code that is larger than the RAM you have available (see 'Transferring large amounts of data' in http://www.espruino.com/Internet) - A simple example is where you have a big Uint8Array of historical data, but turning that into comma-separated text increases the size by 3-4 times. It might make sense to pass the http response into the handler - you could always detect whether the handler returns anything - if it does you just send it as you do now, but if it returns undefined (or null?) you just leave the http response alone and assume that the handler has taken ownership of it.
Looks good - just some ideas:
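The keyed-hash check and the `new Function("wifi", ...)` call suggested in the post above, combined into one sketch; this is an added example, not part of the original post or Espruino's own code. It swaps the plain `hash(code+phrase)` for HMAC-SHA256 with a constant-time comparison and uses Node.js's `crypto` module so it runs on a desktop; the function names, the sample snippet and the `wifi` stand-in are assumptions.

```javascript
const nodeCrypto = require("crypto"); // Node.js stand-in for Espruino's sha256

// Constructed sample secret; a real one is provisioned per device.
const SECRET = "MyRandomPhrase";

// HMAC-SHA256 over the code, returned as a 32-byte Buffer.
function tagFor(code, secret) {
  return nodeCrypto.createHmac("sha256", secret).update(code, "utf8").digest();
}

// True only when receivedTagHex is the HMAC of receivedCode under secret.
function isAuthentic(receivedCode, receivedTagHex, secret) {
  if (typeof receivedCode !== "string" || typeof receivedTagHex !== "string") {
    return false;
  }
  // Reject anything that is not exactly 32 bytes of hex before comparing,
  // because timingSafeEqual throws on a length mismatch.
  if (!/^[0-9a-f]{64}$/i.test(receivedTagHex)) return false;
  const received = Buffer.from(receivedTagHex, "hex");
  return nodeCrypto.timingSafeEqual(tagFor(receivedCode, secret), received);
}

// Runs verified code as a function body that is handed only `wifi`.
// Unverified input is never passed to the Function constructor.
function runIfAuthentic(receivedCode, receivedTagHex, wifi, secret = SECRET) {
  if (!isAuthentic(receivedCode, receivedTagHex, secret)) {
    return { ran: false, result: undefined };
  }
  return { ran: true, result: new Function("wifi", receivedCode)(wifi) };
}

// Constructed sample input: a hypothetical wifi object and a signed snippet.
const sampleWifi = { status: () => "connected" };
const sampleCode = 'return "wifi is " + wifi.status();';
const sampleTag = tagFor(sampleCode, SECRET).toString("hex");

console.log(runIfAuthentic(sampleCode, sampleTag, sampleWifi));
console.log(runIfAuthentic(sampleCode + " // edited", sampleTag, sampleWifi));
```

The tag carries no freshness, so a captured code/tag pair verifies again if it is resent; putting a counter or nonce inside the signed message addresses that.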