Guam is currently started as root, because the filesystem POSIX permissions on certificates, and the ports to which to bind to, are privileged.
The intention is to read in the certificates and keys with privileges, at startup, bind to the necessary ports, and drop privileges handling the actual connections.
In another model (httpd), the listener process maintain their privileges so they are the only processes eligible to write to log files (and not the individual child process that serves the visitor request).