Yep, I want to rip the "socket" out of the wall-- it is like having a wall socket in a swimming pool. It is extremely poor design. There is no technical or sane reason to require a poorly documented, ill-configured, and ill-programmed spyware daemon to run in the background-- just to run a widget toolkit (gtk3). Accessibility in the GNOME 2 days worked just fine without making it a mandatory shovel-ware requirement.
As for an exploit-- the whole thing is an exploit factory, just look at the configuration file. All you have to do is disguise your exploit as an "accessibility applet" and you are good to go. There is no technical reason for the spi framework to run by default (or even be installed) unless selected at installation time. Running it is basically running a pluggable spyware kit.
Try this though: Start a popular password program like KeePassX in Ubuntu MATE. It starts right up. Close it. Remove/disable the spi daemon from ubuntu-mate, and then restart it. Now it takes 20+ seconds to start up. It hangs there displaying nothing-- while it tries to connect to the "accessibility" spi-ware daemon. Eventually it times out and gives up. The fact that a password manager is configured to talk to spi by DEFAULT-- without me explicitly telling it to, is a major security violation. The fact that I cannot shut this off without recompiling the app from source is insanity. What, you don't want all your passwords "accessible" as a big juicy target? No, not really.
It is obvious to me that the gtk3 policy makers (basically GNOME3) aren't happy with competition to GNOME-- like MATE. They are now hiding behind politically correct nonsense like "accessibility" to require you to use the entire pile of GNOME3 bloat, or to abandon gtk3.
Fine by me-- I have begun the process of removing gtk apps from my system.
My solution (at least temporarily) is to use LXQt, which doesn't have this nonsense (and no kaccess running). I may go back to StumpWM and extend it to have the desktop environment features I desire. We will see. But I am done with anything gtk at this point.