I don't understand why we don't just lock screens by switching to a different virtual terminal running a different X server. If the lock screen doesn't share an X server with the user session, a lot less information can leak. This entirely-separate-session approach is what Windows uses, and it works great there.
It's a separate desktop, but not a separate window station, let alone a separate session. The clipboard and atom table are not separate, because they belong to the window station; and a session is something rather different on Windows NT.