It was found that jabberd through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. References: https://bugs.gentoo.org/631068
As far as I can tell this does not affect Fedora as the PID files are not used by systemd.