>> The secure GUIs rely on, for example, windows titles being correct even in the case of a hostile client.
> A very poor assumption, if you ask me.
Uh? If the window manager is in the server, that's not such a bad assumption!
For example you can divide your applications into trusted and untrusted one, the window tittle being very different in both cases..
With CSD, obviously you can't do this.