I've started learning Node.js, after putting it off for a quite a while (probably longer than I should have). I still don't know if it contains any evil, seeing as it uses V8 (the CSS, HTML and JS processing engine used by Google Chrome). I haven't looked at the source code for either V8 or Node itself, so can't say if there's anything questionable therein.
One thing I have found is that it's a lot easier and faster to develop and modify a Website using Node than it is using Java or PHP. (I haven't tried doing Web development with Python using Flask/Django, so can't give a comparison). I'm seriously contemplating switching to Node (with Express) for all future Web-based development, even if the hosting costs are slightly higher, despite the fact that I don't completely trust it. After all, if it does do any evil server-side, it won't be on a server I control or will likely access regularly. As for client-side, I can always slap a warning message on the home page, informing users that the site uses Node and that they should proceed to use the site at their own risk. I could even suggest some privacy and security plugins to install to mitigate any potential harm done.
That's all for now; I'm going back to burying my nose in a book or two on the MEA/RN stack ...