X11 security is...weird. There's no reason, in 2015, not to use SSH to access it, and kudos for doing it that way, but the difference between ssh -X (X11 forwarding) and -Y ("trusted X11 forwarding") is not what it seems; remember that "trusted" in this context means a component with extra privileges. In short, because you probably trust that Raspberry Pi, then ssh -Y is the correct option to use. But don't rely on "trusted X11 forwarding" to protect you from a remote machine you don't trust: it has exactly the opposite meaning. If you use trusted forwarding to an untrustworthy machine, it can more easily hurt you thereby.

Edit: the reason has to do with snooping on keystrokes, e.g., snaffling your online banking passwords from another window.

That's good to know, thanks. -X doesn't work at all using the Raspberry Pi. If you have any insight, I'd love to figure out how to get it working with -X, but all my attempts are unsuccessful. Granted, I haven't spent too much time with X11 and its brethren since college.