TCP/
IP and Pipes are rather indirect communication methods in the context I described above, as the other side has to expect and accept the connection and must explicitly read the data. SendMessage and PostMessage (and all these nice input emulation functions) usually force an action in the application, as most applications delegate most window messages to the default window procedure and there should never be a need for a service to control a
GUI application like that. And if just showing a window falls into that category, starting an application which shows a window should fall into the same category.
However, as in a correctly configured environment any application should be properly installed by an administrator and write-protected for an interactive user, there shouldn't be as much of a problem as I initially thought. I'm just thinking that the service can never know if the application is the one it seems to be or not, maybe I'm a little paranoid in these things. Read too much about threat modelling in the last weeks, I guess