X11 security is...weird. There's no reason, in 2015, not to use SSH to access it, and kudos for doing it that way, but the difference between ssh -X (X11 forwarding) and -Y ("<i>trusted</i> X11 forwarding") is not what it seems; remember that "trusted" in this context means a component with extra privileges. In short, because you probably trust that Raspberry Pi, then ssh -Y is the correct option to use. But don't rely on "trusted X11 forwarding" to protect you from a remote machine you <i>don't</i> trust: it has exactly the opposite meaning. If you use trusted forwarding to an untrustworthy machine, it can more easily hurt you thereby.<p>Edit: the reason has to do with snooping on keystrokes, <i>e.g.</i>, snaffling your online banking passwords from another window.