[p4bl0]

> why would i want arbitrary web pages to be able to connect to all my daemons

Browsers implementing support for unix domain sockets would of course need to completely block such connection from tcp pages and only allow connection to a given socket provided it is the one currently in the url bar, that the current page has been loaded from.

If that's not enough, you can always use the file permission system to block your everyday browser running as your regular user to access the service sockets, and spawn a browser using a dedicated user account (www-sock? just like we have www-data for web servers?) that you only use for this.

> when they could have easily just used an opaque handle that the machine operator can copy and paste into whatever application he wants to use it

Then the point of failure would be the random number generator used to generate the "opaque handle". Security by obscurity never works.