Wayland advocates often complain about “security” in x11. One of the complaints is how you can have a keylogger without sudo privileges (for example xinput can do this).

This video shows xkbcat, a keylogger for x11 being restricted to windows it owns only, preventing keylogging. Bottom right is xkbcat running in a terminal and top right is a window it owns. As you can see, it can only see keys that were input to a window it owns. This method allow certain programs to get global key access, such as the window manager, so it doesn’t break systems running x11.

This was done by modifying a few lines in the xserver (although xace could also be used). This is backwards compatible and x11 clients dont need to be modified in any way.

With these methods, x11 can be more secure than wayland without sacrificing usability because you get a proper permission system instead of putting everything into large centralized programs so those small programs can have restricted execution.