These days less of a problem. Message injection/sniffing between applications in different contexts doesn't work. Unless you're the administrator, in which case it is game over already.
Right, well as you point out, nowadays Wayland is default on major distributions like Rebecca Black OS and some minor players like Fedora.
In any event, when a user is compromised, it's lol Windows. But when Yahoo is compromised, is anyone opining security in Linux? Or are these social engineering hacks?