You can use Xephyr or Xnest to sandbox an untrusted or insecure application within its own X11 instance. This gives you the exact same kind of security property that Wayland happens to enforce out of the box for its clients, except that it need not apply to basic desktop components such as the window manager or the desktop panel. You don't even need Xlibre or anything, this stuff has been around for ages. It's not rocket surgery!
Xephyr or Xnest sandbox break screensharing, global shortkeys.
You've just confirmed obvious. No way to improve security without breaking changes. And you demand mostly nontechnical users to blacklist applications. That's a recipe for disaster.
> Once you enable XLibre namespaces filtering it breaks screensharing, global hotkeys. Obviously. It is breaking change.
Ah, the classic moving of goalposts.
I'll bite: It is far from impossible, and already solved elsewhere: Most applications do not need such functionality.
For those that do, provide mechanisms to request and facilitate access to such functionality when needed. Like portals do for other functionality. And a wrapper to request automatically for e.g. old binaries without source.
API is contract. API grants access to screen content, key presses. Users blame Wayland for breaking this contract. Both Wayland and XLibre namespaces brake it. Lunduke mob unable to reason, claims "moving goalposts". Lunduke mob claims improving security is not needed. Lunduke mod wants Linux desktop to be malware can. They claim security improvements for everyone (like defaults on Android) is corporations taking away their freedom. Lunduke mob unable to comprehend Wayland started by XOrg developers who knew X11 flaws. They unable to be thankful for people bringing security to modern expectations.