>>102830662
He's incorrect. It depends on the compositor and how it chooses to enforce permissions. Wlroots compositors pretty much do not care about security at all, KDE's KWin has several privileged protocols and they're enforced by the .desktop entry, for example KDE's Spectacle has:
X-KDE-Wayland-Interfaces=org_kde_plasma_window_management,zkde_screencast_unstable_v1
Without this it'd be unable to use the zkde_screenshot_unstable_v1 protocol even if it were compiled into the app.