You're not really addressing my argument here. Of course Wayland users don't audit the Wayland source code.
I was illustrating why Wayland's security paradigm is important. It doesn't assume all the apps it renders are safe. It can still (and probably does) have security holes, but it is already starting from a much more secure foundation than X11 ever had any hope of having.
Similarly, my web browser probably has not publicly known exploits that I haven't bothered to discover myself, but that doesn't mean I should be OK with using a browser that doesn't sandbox its javascript engine.
I was illustrating why Wayland's security paradigm is important. It doesn't assume all the apps it renders are safe. It can still (and probably does) have security holes, but it is already starting from a much more secure foundation than X11 ever had any hope of having.
Similarly, my web browser probably has not publicly known exploits that I haven't bothered to discover myself, but that doesn't mean I should be OK with using a browser that doesn't sandbox its javascript engine.