>you want to be able to have one application take over the screen and not let you do anything else, without that you couldn't have 'screensavers' that are also session locks. Kiosk mode for applications could not be done, etc.
IMO this belongs in the compositor, not as a separate application. Screensavers / screenlockers are fragile and buggy on X right now .
If the (Wayland-style) compositor handled screen locking, then, if the compositor crashed, you're still secure -- the whole session goes away.
 See, for example, the old bug where funny key combos caused the screen to unlock.
 On the machine I'm typing on, sometimes the password prompt is completely invisible, and it's quite common for the unlocked screen to flash above the screen locker when DPMS comes back.
That being said, I mostly agree with the rest of your comments. File descriptors might be a nicer way to handle permissions than magic cookies, though.