Application with diferent user's credentials may send keyboard events to applications running in the same desktop emulating user input.
vulners.com/securityvulns/securityvulns:doc:9647