I would prefer not to go into too much detail here, and would refer any reader reader looking for detailed information to the other FAQ's in relevant newsgroups. (comp.windows.*)
One point I will make is that X is one of those packages which often generates "Incompatible Usage" security problems, for instance the ability for crackers to run xsessions on hosts under accounts with no password (eg: sync), if it is improperly set up. Read the question about unpassworded accounts in this FAQ.