
It's a huge security risk. A background service typically runs at a higher level of privilege. Letting it expose a UI element opens up a huge attack surface. Other much less privileged processes can send messages to its window. An old trick was to send SetWinEventHook message to a service's window to hook an event callback in a DLL. The DLL is run in the service window's process and thus with its privilege. Privilege elevation achieved!



They could simply check that only processes with the same privilege could communicate this way... not to mention the desktop user on Windows is usually the owner and has administrator privileges anyway.


Security context is not passed with Windows message passing. Message passing is mainly for UI and requires all of the performance it can get. Checking access for every single message is too expensive. Just like a TCP connection doesn't carry security context, you don't know what privilege the caller has.

A named pipe carries security context. That's why newer Windows requires background services to close off all outside contacts except named pipes, so the service can control the access level.
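
As an added illustration of the last comment's point (this is not code from the thread or from any commenter), here is a minimal named-pipe server that enforces access in two places: a DACL checked when a client opens the pipe, and a per-connection check of the caller identity the pipe carries. It assumes Windows PowerShell 5.1 on .NET Framework; the pipe name `demo-svc-pipe` and the caller name `svc-operator` are hypothetical.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (.NET Framework overload with PipeSecurity).
$pipeName       = 'demo-svc-pipe'        # hypothetical pipe name
$allowedCallers = @('svc-operator')      # hypothetical user names permitted to issue requests

# 1. DACL on the pipe object: Windows rejects the open for anyone not listed here.
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$self   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$admins = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)
$sec = New-Object System.IO.Pipes.PipeSecurity
$sec.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule(
    $self, [System.IO.Pipes.PipeAccessRights]::FullControl, $allow)))
$sec.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule(
    $admins, [System.IO.Pipes.PipeAccessRights]::ReadWrite, $allow)))

$server = New-Object System.IO.Pipes.NamedPipeServerStream(
    $pipeName, [System.IO.Pipes.PipeDirection]::InOut, 1,
    [System.IO.Pipes.PipeTransmissionMode]::Byte,
    [System.IO.Pipes.PipeOptions]::None, 4096, 4096, $sec)
try {
    $server.WaitForConnection()
    $reader  = New-Object System.IO.StreamReader($server)
    $request = $reader.ReadLine()        # read first, then ask who sent it

    # 2. Caller identity comes from the pipe itself, not from the request body.
    #    If the client did not permit identification, the call throws: treat as deny.
    try   { $caller = $server.GetImpersonationUserName() }
    catch { $caller = $null }

    $writer = New-Object System.IO.StreamWriter($server)
    $writer.AutoFlush = $true
    if ($caller -and ($allowedCallers -contains $caller)) {
        $writer.WriteLine(('OK {0}: {1}' -f $caller, $request))
    } else {
        $writer.WriteLine('DENIED')
        Write-Warning ('Rejected pipe request from caller: {0}' -f $caller)
    }
}
finally {
    $server.Dispose()
}
```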



