Re: No worries...
X's biggest problem stems from the era it existed in. Back in the days when the Internet was entirely inhabited by academics and military people.
Neither of those statements is particularly accurate.
X was a product of Project Athena, and was incorporated into the Andrew Project as well. It was initially used by highly-knowledgeable students at MIT and CMU, who were both capable of and motivated to find security holes (if only for their own amusement). X11R1 included quite a range of security features, and there was much discussion of their relative merits. Don't forget it was contemporaneous with Kerberos, also a product of Project Athena; PA made network security a primary goal.
And while the NSFNet backbone prohibited commercial traffic in the '80s, there were other Internet backbones, and some commercial entities used NSFNet for non-commercial traffic. There very definitely were commercial users on the Internet in '87.
According to the announcement linked to in the article, the '87 core protocol bugs are all integer overflows. That class of bug was not visible as a security issue in 1987 (at least in public discussions; who knows what the spooks might have been up to?).
Prior to Levy's "Smashing the Stack for Fun and Profit" article in '96, stack-smashing in general was not broadly seen as a major security threat - despite the Morris worm using a stack overflow as one of its attacks. (There was a perception that stack-smashing was too difficult to leverage in general.) Integer overflow attacks, as a special case of stack-smashing, didn't become prominent until the early 2000s.
Biting the hand that feeds IT
