Update 18th July 2009. If you want to read actual desktop environment developers (i.e. people who who know loads more than I do) discussing this vulnerability, then this 2006 thread from a Xorg mailing list may interest you. If you want to see the proof that it actually works, then go right ahead and read on.
I tried to ask questions about this on a forum and got banhammered for it. But never mind. I did a bit of research into it and discovered that a few people have already documented this possible vulnerability, and that it is somewhat legitimate. People love to say that the biggest security threat for computers is the users themselves, which is fair enough. Who needs to craft a drive-by download when you can just get the users to click on naked_chix.jpg.exe all by themselves? Linux makes it difficult, but not impossible, for malware to take hold, but it pays to be aware of the dangers, however slight they may be. I don’t personally believe that there is much of a threat at all, and the particular exploit I’m about to describe isn’t very special or clever, either, and can only affect a small number of people. The only thing that is somewhat interesting about it is that it can get root access without drawing attention to itself.