A more secure method would be to reserve an area of the screen for displaying labels. This area would be off-limits to client drawing; the server itself would be responsible for drawing the labels as the input focus changes from window to window. This scheme is employed by Solaris Trusted Extensions for X .
Secure input, input event labeling, and trusted path are areas that need addressing. However, the input subsystems in the X.org X server are in a state of churn as new features are added. For example, recently improved device hotplugging support was added, which has resulted in deep changes to the server. Other proposals on the table include support for multiple concurrent mouse pointers and new ways for selecting input focus on windows for use in 3D environments. This author does not plan to study the X input model in depth until development has settled down.