Baby + Bath water. Reality everything take a breath and go look at sel4. Sel4 program language is C but it does not have the major issues. Why it C with computer executable specification. The specification of sel4 is in Haskell.

One of the issues with C++ is performance.

sel4 C code breaks rules.
The formalisation includes low-level and unsafe C programming constructs like pointer arithmetic and pointer cast.
So yes sel4 C code includes all the things that we call unsafe but the specification verification means none of that usage is invalid so no buffer overflows or other issues like it.

Going to C++ or rust or any other language really does not get away from executable specification if you want absolutely validated. What is special about executable specification is it based on mathematical proof methods. So a mathematical proof can take all possible values into consideration in a single pass. Test casing or fuzzing or user testing is only testing a limited set of values.

Reality is most of the issue is not the program language but the method we have used to quality control what has been coded.

This is not hard coded the core design of the protocol to lock out security features. It is completely feasible to design an extension to implement security policy profiles to address this. What could have fixed this would be a security extension to control which applications if any should be privileged to access which windows. Normal applications can then be constrained to their own window and its children. Some of this was addressed by Xsecurity extension.

I guess you're talking about https://github.com/seL4/seL4 / https://sel4.systems/ , but this is not a language, but it's a microkernel.

sel4 is example of something coded in C that is in fact high quality. Read my text again I did not say Sel4 is a language....

I'd hate to break it to people here but Wayland has potential security problems that eclipse X due to the reliance on direct rendering in applications, and the lack of indirect (network transparent) stream based protocol like X has with with core protocol and GLX. Direct rendering maps video RAM and video hardware interfaces into the applications. This is basically asking for trouble should there be a security problem in the video hardware.

So your giving a much larger body of more questionable application code direct contact with video hardware, whereas the X server traditionally only touched video hardware. With X being a userspace process, it would have been possible to constrain X with a security profile using something like apparmor, with fine grained security controls that give it access just to the hardware resources it needs.

All large C programs have security problems. The problem is C, not X, and speed-fanatics who think that everything needs to be written in dangerous C code for that little bit extra speed. Wayland also is written in C, do not assume it does not have the same problems. Wayland and X.org were written by the same people.

Also, Wayland does reinvent the wheel. There is no point in it. Performance profiling has shown virtually no speed improvement of Wayland over X. Everything Wayland was sold on can be done with double buffering and verticial synchronization extensions to X and by the already underway work to port X.org to an OpenGL/DRI/EGL backend itself. This would fix visual artifacts.

As for legacy features in X, the sensible thing for that would be to have a runtime flag to disable those features and break out legacy support code into runtime loaded libraries for this purpose. Thus if you dont use an app that needs the legacy feature, you dont have to load the code that it uses. These legacy features are not great in number, usually some 2D graphics primatives and some older font APIs.

Its important to note that the problem with the older graphics primatives was they were not powerful enough, most apps now need a rich set of 3D graphics operation. The traditional X protocol provides far, far too few primatives, OpenGL apps need a much richer set of primatives. Wayland apps do use a vast number of OpenGL primatives, which have to make it to the video adapter, it doesnt provide the option of isolating apps from the video hardware however, due to the lack of an indirect protocol.

The rest of the X.org code base can be fuzz tested and scanned with security tools to spot possible problems.

So, one by one, all of the arguments for Wayland can be debunked.

There are issues coded into the X11 design core. Major difference between X11 and wayland.
X11 uses strings in a lot of places that cause security issues.

Like here char *display_name;
Under wayland this will be a file handle.