g_get_home_dir() (in gutils.c, which calls g_get_any_init()) gets the
user's home directory by calling getenv("HOME").  If that fails, it uses
getpwuid() to get the user's home directory.  These (imo) are reversed;
$HOME should only be relied upon if the user's home directory cannot be
figured out via getpwuid().  There's nothing keeping $HOME consistent w/
the current user's uid.  For a perfect example of subtle bugs that can
arise because of this:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=116898&repeatmerged=yes

As you can see, sudo doesn't overwrite $HOME, so g_get_home_dir() gets the
original user's home directory, instead of root's homedir (or whatever the
user sudo runs the program as).  The same is true of setuid root (or any
user) binaries.  

Note that this is tested on glib1.2.10, but it appears that glib1.3.4 has
the same behavior.  Whether getpwuid() should be using getuid() or
geteuid() is another question (currently it uses getuid(). which means
setuid binaries will potentially write to the original user's homedir, with
the permissions/ownership of the setuid binary's user).