What is the difference if the PipeWire socket is read only?
Flatpaks access the PipeWire socket via filesystem access to xdg-run/pipewire-0. Of course, this grants access to audio playback and recording, as well as screen capture. But I’ve noticed that, the majority of the time, Flathub maintainers request it be marked :ro.
Some apps, like Discord, WiVRn, and GPU Screen Recorder are exceptions. All three of these have video-related functions, like Discord’s screensharing, so perhaps that’s why. Except it’s not, because apps like Fluxer and Steam have it read-only, and their screensharing and recording functionality is fine, and Discord has no issues read-only either in my experience. There are also apps which directly manipulate streams, like EasyEffects, which have no write access. It’s also seemingly not an instance of older apps just not being updated yet, as there are relatively new apps where this was not questioned, like ossia score.
There’s obviously a distinction, since it’s frequently requested to add :ro in manifests… but what is that difference? What does having write access to the PipeWire socket let you do? Is it more dangerous in any way?
I have searched “pipewire” on this forum, on the GitHub flatpak and flathub organizations, and “pipewire” “ro” on Google, and opened every single result. I have not been able to find any information about this, or even anyone questioning this before me. I feel as if I must be missing something obvious. So I’m asking here, in hopes any answer I might get will be publicly documented should anyone follow in my footsteps.
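An added example, not part of the original post: a small audit that reads Flatpak metadata keyfiles (the text printed by `flatpak info --show-metadata <app-id>`) and reports whether each app is granted `xdg-run/pipewire-0` read-only, read-write, or not at all. The app IDs and metadata below are constructed samples, and the function names are hypothetical.

```python
import configparser

PIPEWIRE_PATH = "xdg-run/pipewire-0"

def pipewire_access(metadata_text):
    """Classify the PipeWire socket grant in Flatpak metadata: 'none', 'ro' or 'rw'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(metadata_text)
    if not parser.has_option("Context", "filesystems"):
        return "none"
    access = "none"
    for entry in parser.get("Context", "filesystems").split(";"):
        entry = entry.strip()
        if not entry:
            continue
        negated = entry.startswith("!")  # "!path" is how an override revokes a grant
        path, _, mode = entry.lstrip("!").partition(":")
        if path.rstrip("/") != PIPEWIRE_PATH:
            continue
        if negated:
            access = "none"
        elif mode == "ro":
            access = "ro"
        else:
            access = "rw"  # no suffix, ":rw" and ":create" all mean read-write
    return access

# Constructed sample metadata for hypothetical apps (not real manifests).
SAMPLES = {
    "org.example.ReadOnly": "[Application]\nname=org.example.ReadOnly\n\n"
        "[Context]\nsockets=wayland;pulseaudio;\n"
        "filesystems=xdg-download;xdg-run/pipewire-0:ro;\n",
    "org.example.ReadWrite": "[Context]\nfilesystems=xdg-run/pipewire-0;\n",
    "org.example.Revoked": "[Context]\nfilesystems=!xdg-run/pipewire-0;\n",
    "org.example.NoGrant": "[Context]\nsockets=wayland;\nfilesystems=xdg-music:ro;\n",
}

def audit(samples):
    """Map each app ID to its PipeWire socket access level."""
    return {app_id: pipewire_access(text) for app_id, text in samples.items()}

if __name__ == "__main__":
    for app_id, access in audit(SAMPLES).items():
        print(f"{app_id}: {access}")
```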