I'm amazed how both wayland and x11 miss the logical solution: let the user decide.
Any function that is a threat should be behind capabilities.
A program should be able to request moving its windows. The user should ultimately decide what should happen: allow or nah.
And common sense mitigations: if a new program I've never seen before drops an actionable control under my cursor, maybe just default to not immediately accepting the next input to it so I have a chance to see it.