Comment 43 for bug 1652282

How is not properly setting up the session, and preventing root from showing things on the display, "for security"?

root, by definition, has the ability to do anything anywhere on the system. Including reading and writing other users' files; reading and writing the memory of processes (and FD's and environment and ...) from other users, etc. Adding extra steps is not security, it's just making things more difficult for users.