Yes, I'm concerned with security too.
Till: I guess admin can be limited to see only snippets created by himself. This will require an extra column for each snipped (owner/creator).
Regarding stability problems, Is the issue worse with nginx than with the .htaccess tricks that can be done on apache?
Rockdrala: I understand the snippet is limited to the virtualhost running the snippet. Could you make an example of a snippet that will break stuff outside of the virtualhost (i.e.... dos or resource of xss?)