Not a huge deal since X11Forwarding is usually disabled by default.<p>It is another reason for best practices of just-enough infrastructure -> smaller attack surface: disable unused features and ship server daemons with sane defaults with minimal features enabled.