>Under X11, you are basically running every application with root, always.
This is not even remotely true. You are able to snoop on events that use the X server - typically programs run as your user or programs that you have chosen to forward to your X server.
You are correct that the X server gets all events from all clients and therefore can log keys.
> This is not even remotely true. You are able to snoop on events that use the X server - typically programs run as your user or programs that you have chosen to forward to your X server.
Such as your screen locker, your terminal with a sudo prompt in it, or your graphical Apt client?
Well, using the typical argument promoting Wayland, just don't use screen locker, gui terminal, or gui apt, and you'll be fine!
That being said, I've been using Wayland for 2 years, and it's mostly just worked, and worked better than Xorg for many things. Unfortunately I often have to switch back to X for specific applications, but luckily Ubuntu has made that fairly painless. There are pros and cons; the arguments for and against Wayland don't really add much to the conversation, which is sort of an odd state to be in.
That’s true, but doesn’t solve the underlying issue of X11 security. You can patch some individual holes, but you can’t fix X11 to actually be properly isolated and secure (especially as that’d make compositors and DEs impossible to use).
This is not even remotely true. You are able to snoop on events that use the X server - typically programs run as your user or programs that you have chosen to forward to your X server.
You are correct that the X server gets all events from all clients and therefore can log keys.