I toyed with some ROM code to change the /area folder to public_html/area/
What kind of security risk does this run, if any? I want builders to be able to just download their areas. I don't care about normal people being able to download them, just don't want it to compromise my server.
What kind of downside would there be to running the entire mud in a web accessible folder?
Security would depend on the strength of the web server. The downside would be having multiple places of attack that could damage your system. Security is only as strong as your weakest link. What web server are you running?
I think that it would be Very Bad if players could browse each other's files, even if passwords were hashed in md5 form. But you were asking just about the area directory. Well, if you don't mind random people downloading area files, then sure, why not?
Depending on how you put the area files in the web space, you might have to make sure that you can't do things like: www.yoursite.bla/area/../src/comm.c – whether or not that is possible will depend on how you put the files there, what your webserver does with symlinks (if you used them), if you used rewrite rules instead of symlinks, etc.