I want to like Wayland, but they've really thrown the baby out with the bathwater. What matters to users is usability and, in this case, compatibility; not theoretical purity. The fact that I had to go seek out a way to run a headless Xwayland session to run Audacity without crashing means that Wayland is not ready for primetime (even if this should theoretically be fixed by Audacity).
Apparently X11 has a security extension [1]. There was a discussion some months ago [2].
Xenocara (X on OpenBSD) improves security by dropping privileges and using features like pledge [3], but I don't know how this affects the feasability of keyloggers.
At the cost of fragmenting the APIs to do any kind of related thing between all the different implementations (and making each one special-purpose as opposed to having a generalized mechanism to muck around with input and output).
