Hacker News

I expect my PDF reader to be secure. If the PDF format is too complex to implement safely then the renderer should be sandboxed in the reader itself instead of preventing me from scripting using xdotool and similar.

And unless you fully sandbox your PDF reader then an exploit is going to have access to your user directory without any display server involvement anyway. X11 vs. Wayland doesn't even come into the picture.



It shouldn’t complicate the program itself, everything should be sandboxed by default.

And they should simply not have access to my home folder, it should be given access to a specific file only it is about to read.


That severely limits the usability and even functionality that programs can implement. If you want a phone OS then go use one but don't make Desktop Linux into one.



