Thanks all for the input. Sounds like there aren't downsides to sockets, and they are at least as secure. I do have on follow-up question though:
* "peer" auth (OS user == DB user name) is typically the way to go in
I used to have my db and linux usernames match, until this issue came along: http://www.postgresql.org/support/security/faq/2013-04-04/. It specifically mentions potentially increased vulnerability if the names match. So when I set up a new server I had them not match. I know this particular issue is fixed. But are there other ways that having the names match could potentially increase vulnerability (even if not known or identified yet), or am I pointlessly "fighting the last war" by keeping the names different?