Simply a "bad idea" with no qualification to that statement whatsoever?
Afraid I have disagree entirely.

This hint is perfectly fine if you're using it on a private (not office) local LAN - eg at home, and, of course, you are behind a firewall.

If you're worried about the outside world getting to the listening port 6000 on your machine... what the heck are you doing connected to the internet without either a firewall or NAT sitting inbetween?

Anyone who knows enough to understand networking and ports and X11 and how to perform this hint (and is using remote-forwarded X11 apps in the first place), will have enough of a clue to know they shouldn't use this on an open LAN and will also know you should always be behind a firewall or NAT.

I agree that the number of cases where this hint is a good idea are relatively few; better in many cases to use ssh -X.
However for people who DO know what they're doing, this hint is invaluable (I've known about it for ages) and absolutely vital for the right people to know - hence why it's great someone shared it here.

NB it's also probably not the best idea on laptops, where sometimes you're on a secure and private network, but other times you may not be.

I DO however completely agree that this hint should have included a disclaimer/warning about the security risk involved, for people who are not already aware.


As for me, my LAN at home sits behind a hardware NAT device and THEN behind an OpenBSD firewall (pf) configured in paranoid mode. The only other machines on my LAN are my machines (and none run windows, let me assure you!)
Is this hint still "really bad idea" for me?
If there's anyone else undetected on my LAN I've got much bigger worries than X11-app keystroke recording...!

NB... it is quite clear on this forum that many of you forget that many Unix veterans (and network security people) also use OS X.
This forum is for *everyone* who uses OS X, not only for users who don't have any understanding of network security...

It'd be nice if people remembered that some of us in the audience here are capable of looking after our own network and OS security and don't need the blanket alarmist responses that so often appear with the more technical hints! :-)