Actually, it goes to a lot of trouble not to step on the toes of later versions of KDE, and there are people who have them both installed side-by-each without major problems.

-nolisten is an actual option passed to the X server—your distro may do so by default—to work around a known security issue in some versions. I admit I’d have to look up the details, as it’s been a couple of years since that issue was reported. Recent X versions almost certainly have a patch.

Gentoo works best for me because I’m a control freak. It lets me tune my system in any way I want, and I don’t mind leaving my computer on while I’m asleep so that it can compile its way through libreoffice, webkit, and a couple of browsers. Plus, based on complaints I hear from people using other distros, Portage beats other package managers in every way except speed.

This doesn’t mean that it’s best for everyone, mind you, just that it’s best for me.

There are no open security bugs against TDE that I’m aware of—if there were, I’d expect them to be fixed in the next release. In my experience, the development team, while not huge, is active and competent.

I’ve been using TDE since a little while after Gentoo sunsetted KDE3, and I’ve had no issues. Just make sure your X server is secure—-nolisten and all that stuff—and don’t try to use Konqueror as a web browser (it remains an excellent file manager), and you should be fine.

Wayland is “more secure” than X in that it makes less LAN contact by default and tries to sandbox programs from one another to an extent, just in case some future browser exploit that can copy random swathes of your screen tries to screenshot your password manager or something. There are no active exploits against a correctly-configured X server at this time that will magically vanish if you switch to Wayland, as far as I’m aware—it’s more future-proofing stuff.