I gave this talk at LPC 2012. It promotes the idea that layering programs on top of human-centric interfaces is a bad idea.
http://groveronline.com/wp-content/uploads/2014/09/all-plumbing-needs-an-api.pdf
The timing of this post with the announcement of the most recent bash vulnerability is not entirely coincidental.
I understand what you are explaining, but please, readers, don’t take this to extremes. I personally don’t want, for example, NetworkManager to replace their call to the OpenVPN command and link to some kind of library inside the NetworkManager process. I want that process isolation to remain in place.
How about an out-of-proc API like D-Bus?
This is one of the reasons that setuid binaries are annoying. Some kind of daemon that exposes services through an API is much easier to work with from within another program.
I saw this approach once in a great OS! What was its name? Doors, maybe?