I remember SGIs having incredibly poor security, at least with IRIX 5.x. Authentication for X11 was totally non-existent in the default configuration. If someone was logged in from the console, you could pop windows up on their screen (and sniff the keyboard) from remote.