Consider Wayland

[petRUShka]

Security page of ArchWiki says:

Prefer using Wayland over Xorg. Xorg's design predates modern security practices and is considered insecure by many. For example, Xorg applications may record keystrokes while inactive.

If you must run Xorg, it is recommended to avoid running it as root. Within Wayland, the XWayland compatibility layer will automatically use rootless Xorg.

So it seems that in order to increase security is it worth considering to look at Wayland.

[pigmonkey]

I haven't been motivated to look at Wayland at all. I'd consider a pull request with a Wayland role.