The permissions are set this way due to design of the product. It's not a traditional file, it's a unix domain socket, and it requires those permissions so anyone can send a request to vasd.
The other file is an internal one, that should go away once used.
The vasd40_ipc_sock is for the world to talk to vasd, and the vasd_<pid> is for one vasd process to talk to another. It is unlinked as soon as it is used on the other side, and should disappear eventually. Or a crash just left it around.
We use ancillary data( see man send ) to validate the sender in case the request is privileged.
Another example is the nscd socket file. Some OSes require 'x' set on it, and it doesn't break anything on other OSes, so we just set 'x' universally.
The socket file is referenced in the init script as a way to know when vasd is up and ready for requests before returning from running a start command.