[..]
what about using 3.8p1 PLUS:
(quoted from Bug#236936, Colin Watson)
Starting with 3.8, you need to set ForwardX11Trusted if you want to
affect other X clients. From ssh_config(5):
ForwardX11Trusted
If the this option is set to ``yes'' then remote X11
clients will have full access to the original X11 dis-
play. If this option is set to ``no'' then remote X11
clients will be considered untrusted and prevented from
stealing or tampering with data belonging to trusted X11
clients.
The default is ``no''.