What is the difference if the PipeWire socket is read only?

Non malicious flatpaks don’t have any reason for rw access to socket file. Nobody proposed blocking that yet so it isn’t blocked. If you want to contribute then you may send PRs to relevant apps adding :ro to socket files permission. After all apps are fixed then you may propose enforcing that to flathub.