Light-locker easy to circumvent when using two separate Desktops

Hi,

I am using multiple monitors and experienced a serious security problem in the new version of Light Locker as of Ubuntu 14.04. I have a setup with two separate screens on one X server - see my attached xorg.conf. Usually, I log in on the first screen to an openbox session and start a second "Lubuntu"-session on the second screen using the following command:

DISPLAY=:0.1 startlubuntu

To lock the screen, I point my mouse to the second screen and press ctrl+alt+l which locks both screens (blanking them) and prompts for the entry of the password on screen0. So far so good and this always worked in the past flawlessly. Now, the problem is that since Ubuntu 14.04 this can be easily circumvented, here are the steps:

- log into openbox session
- start Lubuntu session on another display
- lock the session
- switch to the text console (ctrl+alt+f1)
- switch back to the graphical desktop

Expected behavior:
- screen the unlock dialog appears as usually on screen 0 and screen 1 is locked/black

Actual behavior:
- the session on screen 1 is *widely open* and screen0 has a black screen with the text: "this session is locked. please wait a few seconds for the unlock prompt to appear"
- after a few seconds, the screen1 is blanked and the unlock screen appears

An attacker can easily do whatever he wants on screen1 and has in principle unlimited time for that because after the unlock screen appears he do again the switch to text console and back and again has a few seconds to *resume* his actions on screen 1.

As far as I remember, this behavior was different in Ubuntu 13.10 and prior releases.

Possible workarounds:
- use a different screen locker (e.g. xtrlock, xscreensaver)
- turn this delay in lightlocker off (is this possible?)
- fix this annoying bug, screen1 should always be inaccessible in locked state.