What I understood?
It shares some code between client and server as both are in javascript. eg: form validation.
How does this work? Can the shared code be seen from the browser? If yes then it becomes easy for an attacker to find loopholes in our code. Since the same code is being executed in the server side the attacker can pass through the server side validation too.
Are there any drawbacks or security issues if we follow this approach?
Yes. Since the only language that executes on clientside with any reliability is JavaScript, and since node.js is the only JavaScript serverside framework, node.js is the only way at the moment you can achieve this. (Java could also do it with applets, but pretty much no-one is using those any more.)
There's several JS projects that already use isomorphic principles - more here.
The only drawback is that you're severely limited in your choice of technologies, as described above.