Hacker News
by creatonez 925 days ago
> The only security benefit I see is if you're running sandboxed applications and you want to connect them to your display server

This is a mundane and common way of doing things, now that Flatpak is common and major sandboxing bugs in most popular packages have been fixed.

Also, all major web browsers already come with their own built-in sandbox for web content, and a great deal of complexity is spent outside of this sandbox making sure the process can actually print rendered page content to the Xorg screen without also being able to take over the entire Xorg server. For many years, Firefox ignored the problem and had a sandbox that didn't prevent an RCE from keylogging Xorg. This was only fixed in Firefox 99, but like Chrome, this implementation had to be overly complex to support Xorg, so it risks introducing new attack surface. This complexity can be eliminated by Wayland and PipeWire.