
Is this really a good idea considering the security issues with Wayland?[1]

[1] https://github.com/Aishou/wayland-keylogger



That "security issue with Wayland" is really loading an untrusted .so file from your home directory, which is exactly what running apps in KVM VMs instead (as the article proposes) would fix. So yes, it's a good idea!


In addition, the author states that similar techniques would also work on Windows and Mac, and any platform without sandboxing... which would include most installations of X, unless there's something I'm missing.


Aye, there's like 3-6 ways to inject code into applications on Windows, and then LD_PRELOAD (and equivalents) and attaching as a debugger on *NIX platforms. There's no way a display manager, audio server, etc. can protect themselves from clients from code injected into them - outside of completely disabling these functions that allow it (and certainly have valid use cases, if much less often than illegitimate ones).
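Added example, not part of the thread or of any project mentioned in it: a defender-side check for the LD_PRELOAD injection discussed above. It parses a process's `/proc/<pid>/environ` and `/proc/<pid>/maps` and flags libraries loaded from outside system directories. The sample data and the `TRUSTED_PREFIXES` list are constructed assumptions.

```python
import re

# Constructed sample data in the format of /proc/<pid>/environ (NUL-separated)
# and /proc/<pid>/maps; not taken from a real system.
SAMPLE_ENVIRON = (b"HOME=/home/alice\0"
                  b"LD_PRELOAD=/home/alice/.cache/libhook.so\0"
                  b"WAYLAND_DISPLAY=wayland-0\0")
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a022000 r--p 00000000 08:01 1312 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2a400000-7f1c2a405000 r-xp 00001000 08:01 9921 /home/alice/.cache/libhook.so
7f1c2a600000-7f1c2a610000 r-xp 00002000 08:01 1400 /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
7f1c2a800000-7f1c2a900000 rw-p 00000000 00:00 0
7ffd1b000000-7ffd1b021000 rw-p 00000000 00:00 0 [stack]
"""

# Assumption: directories only root can write to; adjust for your distro.
TRUSTED_PREFIXES = ("/usr/", "/lib/", "/lib64/", "/opt/")

def preload_entries(environ):
    """Return the libraries named in LD_PRELOAD (space- or colon-separated)."""
    for item in environ.split(b"\0"):
        key, _, value = item.partition(b"=")
        if key == b"LD_PRELOAD":
            text = value.decode(errors="replace")
            return [p for p in re.split(r"[ :]+", text) if p]
    return []

def untrusted_exec_mappings(maps_text):
    """Return file-backed executable mappings outside TRUSTED_PREFIXES."""
    found = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:          # anonymous mapping, no path column
            continue
        perms, path = fields[1], fields[5]
        if "x" in perms and path.startswith("/") \
                and not path.startswith(TRUSTED_PREFIXES) and path not in found:
            found.append(path)
    return found

def scan_pid(pid):
    """Run both checks against a live process (needs read access to its /proc)."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        env = f.read()
    with open(f"/proc/{pid}/maps") as f:
        maps = f.read()
    return preload_entries(env), untrusted_exec_mappings(maps)
```

The maps check also catches a library that was preloaded and then had `LD_PRELOAD` scrubbed from the environment, since the mapping remains visible.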


All installations of X. X has no sandboxing. What most of these clickbait articles or concepts fail to mention is that at the very worst, you can get the same level of access that was possible before the sandboxing was added.

If an app has write access to your home folder, it has root. But with flatpak and portals, it's realistic that direct home dir access will no longer be a thing for most apps.


Good point. I was imprecise in my wording.

I meant that most operating systems using X as the display server are not going to have application sandboxing.

I'm pretty sure the top level comment here was just FUD, although I assume it was well intentioned, just misunderstood.


This is not a Wayland security issue. This is the equivalent of calling a car key lock insecure just because someone can drive your car when you give them your key.



