Extremely carefully.
Think about it: You have to run the compiler on the web server (since you can't be sure it exists on the client). Then you have to execute it on the server (since you can't execute on the client - that is what virus scanners and firewalls are there for).
Do you
really want anyone in the world running any code they like on your webserver? Because (and you can trust me on this) I don't.
Suppose one code line is the equivalent of:
File.Remove("c:\\*.*");