Bug 758314 - Gtk+ is not designed for being run as root
Status: RESOLVED NOTABUG
Product: gtk+
Classification: Platform
Component: .General
Version: 3.18.x
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: gtk-bugs
QA Contact: gtk-bugs
Reported: 2015-11-18 22:34 UTC by Christian Stadelmann
Modified: 2015-12-02 20:17 UTC
Description Christian Stadelmann 2015-11-18 22:34:41 UTC
It looks like there are different usability issues with running gtk as root from an ordinary user account:
1. different dconf database ⇒ inconsistencies e.g. in theming
2. file chooser will open removable devices as root
3. different dbus session ⇒ e.g. appmenu won't work
4. drag-and-drop won't work

Furthermore some of the things listed above can be security issues. This affects e.g.:
5. open "Help" → "About" (main menu) or "About" (app menu) from any gtk application. It will open a dialog with a URL in it. If you click it (application runs as root), it will start root's default web browser as root. This must never happen! (see also: https://bugzilla.gnome.org/show_bug.cgi?id=758131 where this happens in gparted).
6. opening any application's help (yelp) will run it as root, which will run a web browser (as root, again) when clicking on some links.
7. Together with e.g. sudo, graphical applications might f*** up your /home/user directory by files created as root. See e.g. https://askubuntu.com/questions/270006/why-user-should-never-use-normal-sudo-to-start-graphical-application

On XWayland graphical applications run as root will fail to start anyway (see https://bugzilla.redhat.com/show_bug.cgi?id=1274451, especially comment #3).

See also:
https://bugzilla.gnome.org/show_bug.cgi?id=692340

These issues clearly show that gtk+ and Gdk were not designed to run as root. Some of its underlying stack is explicitly designed to not require being run as root (e.g. gvfs, parts of gio). And think about all the other libraries gtk uses (canberra, freetype, pango, cairo, libpng, cups, pulseaudio, gstreamer with all its plugins, …)


What could be done about that?

A) Fix running Gtk as root. Fix all the code it depends on. Educate all developers to always have in mind this code could be run as root. Do some audits or code review, and do that on a regular basis.
This is the only way Gtk+ can claim to support running as root in a good way. This would include a horrible lot of work. I don't see enough devs around to do that.

B) Strongly discourage anybody (developers by documentation, users by warnings on console and on GUI) from running Gtk applications as root. Suggest alternatives like splitting up front-end and backend, with backends authenticated using policykit et al.

C) Extend B by allowing Gtk applications to run as root only if some specific code was run. Just like you introduced g_irepository_require(), maybe extending its syntax. Deprecate running Gtk+ applications as root without specifying this flag. And after some time deny running without it. Documentation (as in B) is still required for those few people who won't stop running Gtk+ as root.

D) Maybe even stop running as root at all.

Comments? Ideas?

PS: Please point me to somewhere else if this is the wrong place to put these thoughts in.
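
One way an application could act on option B and catch the item 7 case before any toolkit code runs, as an added example that is not part of the bug report or of GTK+. The helper names, the flag values and the warn/refuse policy are assumptions made for illustration:

```c
/* Added example, not GTK+ code: startup guard for a graphical front-end. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define RISK_ROOT         0x1u  /* effective UID is 0 */
#define RISK_FOREIGN_HOME 0x2u  /* HOME is owned by a different user (item 7) */
#define RISK_NO_HOME      0x4u  /* HOME unset or not a directory */

/* Hypothetical helper: classify the risks of starting a GUI with this
 * effective UID and HOME. Both are parameters so the check is testable. */
unsigned gui_start_risks(uid_t euid, const char *home)
{
    unsigned risks = 0;
    struct stat st;

    if (euid == 0)
        risks |= RISK_ROOT;
    if (home == NULL || stat(home, &st) != 0 || !S_ISDIR(st.st_mode))
        risks |= RISK_NO_HOME;
    else if (st.st_uid != euid)
        risks |= RISK_FOREIGN_HOME; /* files written there get the wrong owner */
    return risks;
}

/* Hypothetical policy: warn whenever running as root, refuse when root
 * would write into another user's HOME. Returns 0 if start-up may go on. */
int gui_start_guard(uid_t euid, const char *home)
{
    unsigned risks = gui_start_risks(euid, home);

    if (risks & RISK_ROOT)
        fprintf(stderr, "warning: running a graphical application as root is "
                        "discouraged; keep the GUI unprivileged and authorise "
                        "a separate back-end via polkit\n");
    if ((risks & RISK_ROOT) && (risks & RISK_FOREIGN_HOME)) {
        fprintf(stderr, "error: HOME=%s belongs to another user; refusing to "
                        "create root-owned files there\n", home);
        return -1;
    }
    return 0;
}

int main(void)
{
    return gui_start_guard(geteuid(), getenv("HOME")) == 0 ? EXIT_SUCCESS
                                                           : EXIT_FAILURE;
}
```

The ownership check only covers the HOME mismatch from item 7; the dconf, D-Bus session and browser-launch problems in items 1 to 6 remain whenever the process runs as root.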
Comment 1 Matthias Clasen 2015-11-18 22:39:05 UTC
This is not the right place for polls. B) is the answer.
Comment 2 Christian Stadelmann 2015-12-02 20:17:51 UTC
So shouldn't B) be fixed then?