unbound-control: general question

Hello,

as far as I understand the unbound.conf(5) the communication between unbound-control and unbound itself
always require the setup of an TLS connection. Is this also true when we setup control-interface as a unix socket.

But we could set
   control-use-cert: no
   control-interface: /path/to/socket

My question: how much less secure is such setup?

Thanky for ideas...
Andreas

Basically as secure as access to the socket. If only root has access to it
then it is just fine (at least on Linux) because kernel will enforce access
control.

If somebody manages to get around MAC in Linux kernel you have bigger problems
than Unbound configuration