+for details.
+.TP 3
+.B Ctrl-Alt-F1, Ctrl-Alt-F2, etc.
+These keystrokes will switch to a different virtual console, while
+leaving the console that X11 is running on locked. If you left a
+shell logged in on another virtual console, it is unprotected. So
+don't leave yourself logged in on other consoles. You can disable VT
+switching globally and permanently by setting \fBDontVTSwitch\fP in
+your \fIxorg.conf\fP, but that might make your system harder to use,
+since VT switching is an actual useful feature.
+
+There is no way to disable VT switching only when the screen is
+locked. It's all or nothing.
+.TP 3
+.B Ctrl-Alt-KP_Multiply
+This keystroke kills any X11 app that holds a lock, so typing this
+will kill xscreensaver and unlock the screen. This so-called
+"feature" showed up in the X server in 2008, and as of 2011, some
+vendors are shipping it turned on by default. How nice. You can
+disable it by turning off
+\fBAllowClosedownGrabs\fP in \fIxorg.conf\fP.
+.TP 3
+.B Alt-SysRq-F
+This is the Linux kernel "OOM-killer" keystroke. It shoots down
+random long-running programs of its choosing, and so might might
+target and kill xscreensaver, and there's no way for xscreensaver to
+protect itself from that. You can disable it globally with:
+.EX
+echo 176 > /proc/sys/kernel/sysrq
+.EE
+.RE
+There's little that I can do to make the screen locker be secure so long
+as the kernel and X11 developers are \fIactively\fP working against
+security like this. The strength of the lock on your front door
+doesn't matter much so long as someone else in the house insists on
+leaving a key under the welcome mat.
+.TP 4
+.B Dangerous Backdoor Server Extensions
+Many distros enable by default several X11 server extensions that can
+be used to bypass grabs, and thus snoop on you while you're typing
+your password. These extensions are nominally for debugging and
+automation, but they are also security-circumventing keystroke
+loggers. If your server is configured to load the \fBRECORD, XTRAP\fP
+or \fBXTEST\fP extensions, you absolutely should disable those, 100%
+of the time. Look for them in \fIxorg.conf\fP or whatever it is
+called.