Weird 5 minute rule, anyways:

EDIT: I'm also concerned about external monitor handling. If I plug in the TV with a D-sub cable, will that still work? Are these part of the DRM ioctls? Who knows...

It's explained here: https://wiki.ubuntu.com/X/Rootless

It mostly comes down to /dev/input/* handling. On single user, one could chown and chmod your way out. You need to do this for the VT as well but that is not a problem. Furthermore, it would require some UDEV handling for plugging in/out devices causing nodes in /dev/input to disappear or reappear.

I might make this a project for my parents laptop and PC. Looks doable, interesting and beneficial.

I might consider creating a privileged user for X and let the default user piggyback on it (setgid might do this) as reported in the wiki. The only thing that would result from an exploit in X would allow one to snoop keyboard/mouse data. But that also the case right now.

yes, every now and then someone proclaimed "rootless X works now!".

but then again (gentoo)

I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

One could make an exception for those using nvidia or fglrx and make that run as root.