Bug 5464 - add Dynamic re-reading of X0.hosts file
Summary: add Dynamic re-reading of X0.hosts file
Status: RESOLVED DUPLICATE of bug 2589
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General
Version: unspecified
Hardware: All All
Importance: low enhancement
Assignee: Xorg Project Team
Reported: 2005-12-31 04:25 UTC by James E. LaBarre
Modified: 2006-04-04 05:28 UTC

Description James E. LaBarre 2005-12-31 04:25:48 UTC
Probably one of the most unknown and poorly documented features in X is the
ability to use the file /etc/X0.hosts (or X#.hosts where # is some higher
display number) as a listing of remote hosts that are always allowed to export
their displays to your desktop (as a way of not having to run "xhost +hostname"
every time you re-start X).  Using this configuration file means you don't have
to use a sudo or root terminal to run xhost, and gives one less reason for
someone to run the very dangerous option of "xhost +" to leave their system open
to *all* remote systems.

The problem with X0.hosts as it currently works (from what little I've found on
it) is that you have to re-start X in order for the file to be read.  If you add
a hostname to the file, there is no way to dynamically re-read it.  What we need
for future versions of the xorg server is for it to either periodically re-read
the configuration (configurable in the xorg.conf file?) or a way to call a
re-read manually (something like "xhost --update").

It might even be useful to expand the flexibility of it.  A trick I use on my
systems is to create an /etc/Xall.hosts file, and then symlink the X0.hosts
through X<whatever>.hosts to it.  An alternative would be to make a systemwide
defaults file which would work for all display numbers, and thus allow different
configurations per display (securing the console, or limiting VNC connections
would be some uses).  Additionally, configurations per user could be a future
consideration.

Yes, SSH tunneling is a better solution, but many times it's just not an option
when connecting to legacy systems.

Comment 1 Adam Jackson 2006-04-04 22:28:20 UTC
semi-dupe.  the hosts file gets parsed at startup so you'd just want to add a
daemon to watch that file, which isn't necessarily a server thing.

*** This bug has been marked as a duplicate of 2589 ***
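
Added example (not part of the bug report and not xorg code): a sketch of the user-space re-read that Comment 1 suggests, which compares the hosts file with the running server's list and adds only what is missing through `xhost`. Assumptions: bare names are treated as `inet`, nothing is ever removed, and lines such as `+` are rejected so that a file edit can never turn into the `xhost +` case described above; the function names are hypothetical.

```python
import os, re, subprocess

FAMILIES = {"inet", "inet6", "dnet", "nis", "krb", "local", "si"}
# Strict shape: must start alphanumeric, so "+", "-" or blanks never reach xhost.
SAFE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:-]*$")

def normalize(entry):
    """Comparable 'family:name' key, or None if the entry is not acceptable."""
    family, sep, name = entry.partition(":")
    if not sep:                       # bare host name: assumed to mean inet
        family, name = "inet", entry
    family = family.lower()
    if family not in FAMILIES or not SAFE.match(entry):
        return None
    return f"{family}:{name.lower() if family.startswith('inet') else name}"

def parse_hosts_file(text):
    """Split X<n>.hosts content into (accepted keys, rejected raw lines)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        if not line:
            continue
        key = normalize(line)
        (accepted if key else rejected).append(key or line)
    return accepted, rejected

def parse_xhost_output(text):
    """Keys currently on the server's list, from the output of plain `xhost`."""
    keys = set()
    for line in text.splitlines():
        if line.strip() and not line.startswith("access control"):
            keys.add(normalize(line.split()[0]))
    return keys - {None}

def missing_entries(hosts_text, xhost_text):
    """Entries in the file that the server does not list yet, plus rejects."""
    accepted, rejected = parse_hosts_file(hosts_text)
    current = parse_xhost_output(xhost_text)
    return [k for k in accepted if k not in current], rejected

def sync(path="/etc/X0.hosts", display=":0"):
    """Add missing entries to the running server; returns (added, rejected)."""
    env = dict(os.environ, DISPLAY=display)
    out = subprocess.run(["xhost"], env=env, capture_output=True, text=True, check=True).stdout
    with open(path) as fh:
        to_add, rejected = missing_entries(fh.read(), out)
    for key in to_add:                # "+family:name" adds one entry only
        subprocess.run(["xhost", "+" + key], env=env, check=True)
    return to_add, rejected
```

Run `sync()` from a timer or a file-change watcher on the machine that owns the display. Because `xhost` prints resolved names, an entry written as an address may be re-added on each pass, which is harmless.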