alt Hacker News> X11 was a security disaster.
This only matters if you compare properly sandboxed apps, otherwise an app that runs with your uid can still do harm and practically indirectly completely compromise the system..
Are most flatpaks _properly_ sandboxed? Of course not.
And X11 always had a mechanism for isolating clients as well, i.e. trusted and untrusted clients. Nobody used it because it was irrelevant before sandboxing.