If server creates named pipe, it is using NULL DACL via
SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE)
The documentation for SetSecurityDescriptorDacl() states following about NULL DACL. :
"All access is allowed. You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor. This will interfere with use of the object."