When you work with a programmer on a web-based project, there are two possibilities: the program may be executed on the server or on the browser.
The program may be executed on the server, with the web browser providing the user interface. This is routinely provided under the name "CGI scripting."
CGI scripting works well in a situation that will involve a modest number of simultaneous browsers. If too many people run the program at the same time, the server system will be brought to its knees, slowing down or even preventing the presentation of other web pages from that server.
The CGI program may execute on the server with the identity of the web server, in which case it will have access to a great many files on the system. In such a case, there will need to be appropriate precautions to ensure the integrity of the system.
The CGI program may execute on the server with the identity of the individual authorized user who wrote it. In this case, the CGI program will have access to all files on that server that are owned by that user, including, for example, any personal E-mail files that are kept on that system.
Translating program source code (ASCII text strings) into machine language instructions (binary code) can be done in advance ("compiled"), at execution time ("interpreted"), or partially in advance and completed at execution time ("pre-interpreted"). These three strategies differ in their efficiency as measured by execution speed of the program, in their portability among hardware and software environments for program development, and in their portability among hardware and software environments for program execution.
If the source code is part of the HTML, then the browser must be able to interpret that source code so as to execute the program.
If the program is referenced by a URL, that file must be brought down through the network from the server and executed.