Joanna Rutkowska blogs that this even circumvents the famed NSA Secured-Edition Linux sandboxing of Xorg.
Details all in here.
Biggest ramification is that this is not a bug, but a Xorg design feature!
"If a computer can't directly address all the RAM you can use, it's just a toy." -- anonymous comp.sys.amiga posting, non-sequitir