[neindanke]

> by setting the display to someone else's terminal.

Bad sysadmin probably put xhost + in the main xinitrc.

Common rookie mistake, but don't blame X for that weakness.

[vetinari]

We did something similar, but it was years before xauth and xhost.

It also wasn't anything malicious, just a prank, when you run xeyes on someone else's terminal. They would laugh a little and then continue with their lifes. Nothing serious, requiring sysadmining.