Where does this paranoia come from? The kind of attacks cited by Wayland advocates are all theoretically possible but virtually unheard of in practice. In any time in the past thirty years, has there ever been a case of a rogue program in the Debian repos that maliciously spies on the user by exploiting the open and trusting nature of X11? Even if you expand the scope of consideration to applications like browsers getting pwnd by RCE zero days and then doing this, how often does this actually happen? Maybe this degree of paranoia, fear of technically possible but actually extremely rare scenarios, makes sense for targeted individuals like reporters and whistleblowers operating in totalitarian countries, but for anybody else it seems insane. It's like having deadbolts on your bedroom door because you're afraid of somebody trying to kidnap you in the middle of the night, that extra security against such an unlikely threat isn't worth the inconvenience. Except actually, getting kidnapped in the middle of the night is probably a more common occurrence than getting pwned through X11 programs from your distro repos.