Ultimately, X11 opens up everything. What you suggest (WaylandX) is essentially allow-by-default.
When this is the case and there is a supply chain attack, what you think is a trusted application (and therefore not running under "WaylandX") can very well keylog you or take screenshots of your desktop without your consent.
In a deny-by-default model ala Wayland, applications will have to ask for permissions before they can do something considered to be privileged.
When this is the case and there is a supply chain attack, what you think is a trusted application (and therefore not running under "WaylandX") can very well keylog you or take screenshots of your desktop without your consent.
In a deny-by-default model ala Wayland, applications will have to ask for permissions before they can do something considered to be privileged.