Why would you run your node on someone else's computer?

The same bytes that could theoretically trigger the detection can be (and probably already are) in witness in existing blocks. I just don't see how this argument has any weight.

I wouldn't trust a node running on a cloud provider VPS not to be tampered with, but that's besides the point.

If it turns out someone can kill all cloud provider hosted bitcoin nodes in one go by transmitting a virus payload in an OP_RETURN they should definitely do it.

If nothing else it would be an interesting stress test for the health of the network.

I doubt it would have much effect though, it's been a few years since I worked with AWS, but they didn't nuke ec2 instances left and right because of virus/botnet payloads being on disk. They nuked ec2 instances for tons of other reasons though 👌