Wayland is a lot more secure and the way it handles clients is a lot more sane in todays age, but thing is, it is a hell of a lot more complicated if you come from a window manager background, and your choice of applications is incredibly small. Sure you can run a lot of your stuff in XWayland, but what exactly is the point of running wayland if you are going to run less secure X apps with 94% of the same vulnerabilities?
X is less secure, but the security of your system from the outside is far *faaar more important than the security on the inside. Only when an intruder actually infiltrates your system do you have a real concern, and that's only talking about remote access. Physical access given enough time is root access.
A lot of people tout X as being considerably more bloated than wayland which is why the project is basically in maintenance mode, wayland is definitely a lot quicker than X, but X has many reasons including support from literally every single linux application out there, something wayland is very likely never going to acheive even with XWayland.