> I can't see a way to usefully constrain random application's behavior such that this couldn't ever be a problem.
Having the display server setting the tittlebar instead of the application is a start with server side decoration. Provided there is a 'secure' way for the display server to have such information of course..
> That's why security-conscious people invented the ctrl-alt-del keystroke combo that can't be caught by applications and which will always present the system log-on prompt.
A *very incomplete* solution, a trojan game could spawn a window looking like a webpage..