Import/link of community software is necessary but difficult.
Changing the base can cause a lot of problems. Changing to Python 3 is a big thing, and I thank Yorik for doing the hard job of inspecting all the code.
To port the 3rd party products will be a task for somebody else ...
I have worked on a lot of PHP platforms.
In TYPO3 an extension is killed on a syntax error or a runtime error. There is good security support.
MOODLE (maybe it's better now) crashed completely. This was a nightmare for the admin: one error during the time when an examination of students was running - and you are stoned.
As long as FreeCAD is a standalone program there is no problem.
Compile, run the regression tests, and when okay you can deliver.
Otherwise debug, make the next test case ...
But Computer Aided Industry is so complex, there cannot be the Singing Ringing Tree.
So how to make the system open and secure?
I think it's worth discussing this. There should be concepts for how components can communicate in a secure manner. And we should have these concepts running before problems turn up.
I think this is not a specific problem of the cad query module (I have to change my sources too), but in general.