by stefan_ 1097 days ago
Surely if you are allowing non-root eBPF then security of the programs is one of your least worries? Given all the implicit privilege escalation that comes with allowing non-root to spy on everything the kernel does.

Unprivileged BPF is used for socket filters, for programs to BPF-extend themselves. It wasn't ever the case that unprivileged eBPF would allow you to, say, load a TC filter and read everybody's traffic.
Ok but you can like put a tracepoint on read/write and peek at what’s going through those, no?
Nope. Tracepoint eBPF programs require root to load always. For eBPF you select a program type, and that limits what you can do (aka what helper functions are available to you) and what privileges are required.
I have no idea, because every system I've ever worked on has disabled unprivileged eBPF.
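
The split described in this thread (socket filters loadable without privileges, tracepoint programs not, and many hosts disabling unprivileged eBPF entirely) can be checked on a given Linux host. The following is an added example, not code posted by anyone in the thread; the function and enum names are hypothetical, and it assumes kernel headers providing `linux/bpf.h`.

```c
#include <errno.h>
#include <linux/bpf.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum verdict { PRIVILEGED, SOCKET_FILTER_ONLY, UNPRIV_BPF_OFF, INCONCLUSIVE };

/* Load a two-instruction "r0 = 0; exit" program of the given type.
 * Returns 0 if the kernel accepted it, otherwise -errno. */
static int try_load(enum bpf_prog_type type)
{
    struct bpf_insn insns[2];
    union bpf_attr attr;

    memset(insns, 0, sizeof(insns));
    insns[0].code = BPF_ALU64 | BPF_MOV | BPF_K;   /* r0 = 0 */
    insns[0].dst_reg = BPF_REG_0;
    insns[1].code = BPF_JMP | BPF_EXIT;            /* return r0 */

    memset(&attr, 0, sizeof(attr));
    attr.prog_type = type;
    attr.insns = (__u64)(unsigned long)insns;
    attr.insn_cnt = 2;
    attr.license = (__u64)(unsigned long)"GPL";

    long fd = syscall(SYS_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
    if (fd < 0)
        return -errno;
    close((int)fd);
    return 0;
}

/* Interpret the two load results. Both failing with EPERM means unprivileged
 * BPF is off for this caller (sysctl, or bpf() blocked by a sandbox). */
static enum verdict classify(int sock_rc, int tp_rc)
{
    if (sock_rc == 0 && tp_rc == 0) return PRIVILEGED;
    if (sock_rc == 0 && tp_rc == -EPERM) return SOCKET_FILTER_ONLY;
    if (sock_rc == -EPERM && tp_rc == -EPERM) return UNPRIV_BPF_OFF;
    return INCONCLUSIVE;
}

int main(void)
{
    int s = try_load(BPF_PROG_TYPE_SOCKET_FILTER);
    int t = try_load(BPF_PROG_TYPE_TRACEPOINT);
    printf("socket_filter=%d tracepoint=%d verdict=%d\n", s, t, classify(s, t));
    return 0;
}
```

Run it as the unprivileged account you want to audit; the loaded programs are never attached to anything and are released when the file descriptor is closed.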