AF_UNIX sockets are exactly how the Docker daemon exposes its API at `/var/run/docker.sock`, how X11 clients talk to the display server, and how systemd's D-Bus implementation passes messages locally, all chosen specifically because filesystem permissions on the socket path double as an access-control mechanism. The `SCM_RIGHTS` file-descriptor-passing feature mentioned here is a real production technique: privilege-separated daemons like OpenSSH use it to hand a already-opened, permission-checked fd to an unprivileged worker process.