If you run liquidsoap on a machine, either you trust all users and you can open a telnet server (by default it's only opened for 127.0.0.1 but you can open it more if you trust your LAN). If you only trust some users, you can use a socket (it's a special file, and offers the same permission mechanism as all files). In other situations, you have to create an agent (some sort of proxy) that has the permission to run server commands and delegates it according to your own logic.
It seems that you are in the third situation: can't you trust your web application to only allow server commands on the liquidsoap instance corresponding to the logged-in user?
I know it's a cheap answer to delegate everything to the user. But I'd like to eventually re-design the whole server thing (this will take some time, but I'm not even sure how I wanna do it). The less I work on it, the less work I loose when I redesign it. That being said, please try to convince me, it could at least be useful to the new design.
Wont fix, see