What I am saying is that allowing other user identities in the system access to your device node (whether that is /dev/dri or /dev/nvidia) would seem like it opens the door for programs run by that other identity to make secret picture snapshots of your desktop. As such, it is a sensible *default* that the "boinc" identity is not in the "video" group, or that it otherwise gets access to these device nodes without your explicit manual activation.