All X servers, including Xmanager, have a vulnerability that allows unauthorized X applications to access them. This can allow unauthorized users to record keystrokes and take screenshots of the Xserver. You can read more about this vulnerability (cve-1999-0526) here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0526.
...