My educated guess is that this is a massive problem for AV's, as they operate across privilege boundaries (user->SYSTEM, but I can even think of remote scenarios) and implement tons of file parsers, often from third parties. I hope I can look into specifics soon...