The PID returned from wl_client_get_credentials is not suitable for authenticating a client. A reuse attack [1] can trick the compositor into inspecting the wrong process. If the wrong process has more privileges, the attacker will attain those privileges. The pidfd is queried from connected clients with getsockopt's SO_PEERPIDFD option, similar to SO_PEERCRED. To detect PID reuse, one uses the PID to probe the process (for example using /proc/$PID/...) and then checks whether the process represented by the pidfd has been recycled by sending a signal [2].
It also adds user data to wl_client for a convenient way to store queried properties.
Draft because this depends on some kernel patches.
Also see: weston#206
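The probe-then-check order described above, as an added example that is not code from this merge request: it reads the peer's /proc/$PID/exe and trusts the result only if signal 0 sent through the pidfd still succeeds afterwards. The helper names, the fallback value for SO_PEERPIDFD and the socketpair used as input are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SO_PEERPIDFD
#define SO_PEERPIDFD 77 /* assumption: asm-generic value, for older libc headers */
#endif

/* pidfd of the process that connected this AF_UNIX socket, or -1. */
int peer_pidfd(int sock) {
    int pidfd = -1;
    socklen_t len = sizeof(pidfd);
    if (getsockopt(sock, SOL_SOCKET, SO_PEERPIDFD, &pidfd, &len) < 0) return -1;
    return pidfd;
}

/* Signal 0 delivers nothing; 1 = process still exists, 0 = gone, -1 = error. */
int pidfd_alive(int pidfd) {
    if (syscall(SYS_pidfd_send_signal, pidfd, 0, NULL, 0) == 0) return 1;
    return errno == ESRCH ? 0 : -1;
}

/* Hypothetical helper: read the peer's /proc/PID/exe, valid only if the pidfd check passes. */
int peer_exe(int sock, char *buf, size_t size) {
    struct ucred cred;
    socklen_t len = sizeof(cred);
    char path[64];
    int pidfd = peer_pidfd(sock);
    if (pidfd < 0) return -1;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) { close(pidfd); return -1; }
    snprintf(path, sizeof(path), "/proc/%d/exe", (int)cred.pid);
    ssize_t n = readlink(path, buf, size - 1);   /* probe by PID */
    int alive = pidfd_alive(pidfd);              /* then check the PID was not recycled */
    close(pidfd);
    if (n < 0 || alive != 1) return -1;          /* fail closed on any doubt */
    buf[n] = '\0';
    return 0;
}

int main(void) {
    int sv[2]; /* constructed input: a socketpair, so the peer is this process */
    char exe[4096];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    if (peer_exe(sv[0], exe, sizeof(exe)) == 0) printf("peer executable: %s\n", exe);
    else puts("peer not verified, or kernel lacks SO_PEERPIDFD");
    return 0;
}
```

The liveness check has to come after the /proc read: checking first leaves a window in which the PID can be recycled before the probe.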