Ugh, that's a good point. I don't think AppArmor places any restrictions on X11 use. (I think it supports some fine-tuned controls on D-Bus usage though, so the idea isn't completely out of scope.) I guess it's better to think of AppArmor like a tripwire than a full sandbox if you open up an app to X11.
Yes, if the tripwire raises an alarm instead of triggering a bomb. A bomb would stop the attacker by killing/injuring him, which is not the case here (he can just come back with X11 exploitation code).