> If it's not enabled by default, nobody will use it because it won't get testing and bugs won't be fixed.
Sorry for the harsh words, but this is the LAMEST possible argument you could make. If it was useful for someone, people would use it. If it's not used it's because it's not useful, so we're all better off without it.
This strategy did not work all that well for GNOME, please do not repeat this mistake again.
> Only a very limited set of applications has to be "locked down" in the Wayland/Weston case. Any "classic" application won't even notice the change.
Nope, you got it wrong. Take virtual keyboards, for instance. Currently they are not possible in Wayland because it has been decided that the compositor should not touch input in any way; applications receive it directly from the kernel. This decision effectively locks down _all_ applications, even those for which input integrity is of no use.
> With GUI applications, everything runs under the same user
This does not need to be this way.
> Without MAC (Mandatory Access Control) there is no confinement between applications from the same user.
And that, the ability to pass information between applications, is what makes them useful. What we need is a mechanism to confine _selected_ applications.
> Again, people will naturally choose the easy way over the hard way.
True. Also, people chose what works over what does not.