When you take something that wasn't designed with security in mind and try to expand and adapt it, you have a lot of issues. Better to start with something designed for the purpose it is being used from the start.
HTTP is a good example. It was designed as a stateless protocol for transferring text documents with markup. We now rely on it to do stateful transactions for things like shopping carts online and this has lead to tons of security issues since you have to hack on state to a protocol that isn't designed to support it using things like cookies. It would be much more secure had it been designed from the ground up to handle stateful transactions with people.
IP is another great example. There's all kinds of shit in IPv4 that is completely stupid from the perspective of a protocol used on the Internet. Like source routing, where you can specify the routers that a packet must go through, or the fact that you can just claim to be from any IP you want. This is a bad design for a global communications network. However it is that way because IP wasn't designed for a global communications network, it was designed for an ARPA project and it grew. IPv6 fixes a lot of this because it was designed later, around how IP is actually used these days.
Also talking about Xwindows is funny because man you wanna talk security risk, X is a huge. If you have an X server that talks on the network any system on the network can just draw to your local display, and you have no easy way of knowing that it isn't your system. Someone can phish passwords in a very hard to detect way using it. Now of course most distros are smart enough to block remote X using the firewall, and you do something like tunnel it over SSH. However that is a hack, it is putting up barriers around something insecure. If those barriers are bypassed, the insecurity is still there. Better if it were designed secure from the ground up. Then you still put the barriers in place as well so that you aren't relying on any one level of security.
Discontinuing the use of older protocols is a good idea for security, when possible. It isn't always possible, of course, I mean IPv4 is still far and away the most widely used IP spec. But you stop using them when you can (and indeed modern OSes will prefer IPv6 when they have both available).