(re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security?

noexec might prevent those from being run but I’m not sure.

That would give a very minimal security gain and is mostly useless. An attacker could easily just pre-compile their stuff or bring their own compilers.

It could be moved elsewhere. Shouldn’t be too hard. Edit by Patrick: See Tor Browser vs NOEXEC - Where should the Tor Browser folder be placed?

There’s a RHEL hardening presentation that gives a good idea of what mount options to use and where to use them.

The mount options are on page 15.

Noexec on everything possible

Nodev everywhere except / and chroot partitions

Nosetuid everywhere except /

There is also a section on the CentOS Protection guide and Arch Linux Security guide about this.

https://wiki.centos.org/HowTos/OS_Protection#head-73cf15dd0e0cdf531bfc263e6694c79664962622

https://wiki.archlinux.org/index.php/Security#Mount_options

2 Likes
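The three rules quoted from the presentation, turned into a mount-table audit. This is an added example, not part of the thread or of the linked guides. `EXEC_OK`, `CHROOTS`, the skipped pseudo-filesystem types and the sample table are assumptions of the sketch, and `nosuid` is the Linux option name for what the post calls "nosetuid".

```shell
#!/bin/sh
# Added example: audit a mount table against the rules quoted in the thread.
# EXEC_OK and CHROOTS are assumptions of this sketch; adjust to your layout.
EXEC_OK="${EXEC_OK:-/}"   # mount points allowed to lack noexec
CHROOTS="${CHROOTS:-}"    # chroot partitions allowed to lack nodev

# Reads /proc/mounts-format lines on stdin.
# Prints "<mountpoint> missing:<opt>[,<opt>...]" for each violation.
audit_mounts() {
    awk -v exec_ok="$EXEC_OK" -v chroots="$CHROOTS" '
    function listed(list, mp,   n, a, i) {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) if (a[i] == mp) return 1
        return 0
    }
    # Exact match on one comma-separated option, not a substring match.
    function has(opts, o) { return index("," opts ",", "," o ",") > 0 }
    # Skip kernel pseudo-filesystems (assumed list, extend as needed).
    $3 ~ /^(proc|sysfs|devtmpfs|devpts|cgroup2?|securityfs|debugfs)$/ { next }
    NF >= 4 {
        mp = $2; opts = $4; miss = ""
        # Rule 1: noexec on everything possible.
        if (!has(opts, "noexec") && !listed(exec_ok, mp)) miss = miss ",noexec"
        # Rule 2: nodev everywhere except / and chroot partitions.
        if (!has(opts, "nodev") && mp != "/" && !listed(chroots, mp)) miss = miss ",nodev"
        # Rule 3: nosuid everywhere except /.
        if (!has(opts, "nosuid") && mp != "/") miss = miss ",nosuid"
        if (miss != "") print mp " missing:" substr(miss, 2)
    }'
}

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /srv/chroot ext4 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the constructed table; on a live system: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

A `/home` that is flagged for `noexec` is the case the thread discusses: anything that runs from the home directory, such as the Tor Browser folder, has to be moved before the option is applied.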