Document security implications
It's well known that X11 forwarding is insecure for the client, and you should only use X11 forwarding if the server is trusted. But it's not clear if waypipe is any different. Should you only use waypipe with trusted remotes? Can the remote server grab keyboard input when the window isn't in focus? Take screenshots? Execute commands? Access the filesystem? I think this should be documented somewhere in the readme and/or man page.