tredegar, thanks for confirming.
I had suspected as much. I am sure that it wouldn't be as difficult as hacking the code. I think it involves figuring out the user that owns the login session and using xset as that user.
It is probably not difficult, it's probably not apparent