Wayland is a lot more secure and the way it handles clients is a lot more sane in todays age, but thing is, it is a hell of a lot more complicated if you come from a window manager background, and your choice of applications is incredibly small. Sure you can run a lot of your stuff in XWayland, but what exactly is the point of running wayland if you are going to run less secure X apps with 94% of the same vulnerabilities?
X is less secure, but the security of your system from the outside is far *faaar more important than the security on the inside. Only when an intruder actually infiltrates your system do you have a real concern, and that’s only talking about remote access. Physical access given enough time is root access.
A lot of people tout X as being considerably more bloated than wayland which is why the project is basically in maintenance mode, wayland is definitely a lot quicker than X, but X has many reasons including support from literally every single linux application out there, something wayland is very likely never going to acheive even with XWayland.
X is inherently less secure due to the fact alone that, given enough time, new vulnerabilities will come out that will not be patched because X11 is EOL. Yes it has a different security model, but that security model is not very well implemented because X has an enormous code base that, at the end of the day is still not bug free (nothing is). There is a lot of legacy code contained in X that legitimately does not even have a function because there is nothing around today to use it.
Larger codebase = more moving parts = more code to exploit. That’s the benefit to wayland aside from active support by the X/Wayland devs.