See, I told you that you were over-thinking this. Let me explain a bit about the underlying mechanism to help you understand.
When the ssh client makes a connection to the host where you want to run the X client, it creates a tunnel for X traffic. It does so by telling the ssh server to set $DISPLAY to localhost:xx, and to then set up a process to listen on that IP port. When X client applications run, they obey the setting of $DISPLAY, and try to connect to the server identified by $DISPLAY. Since the ssh server is listening to that IP + port, it receives all of the requests, and sends the traffic back through the ssh connection, where the $DISPLAY variable at the ssh client host is used to find the X server. The ssh client is able to make a connection to the X server, and simply shuttles everything between the X server and the X client. This all happens invisibly (except for the need to use the -X switch, or set it automatically in .ssh/config, as allend
has already pointed out). Since both the X client and X server see all traffic as originating at their localhost, most security implications are sidestepped.
In practice, you should need to simply run
ssh -X the.xclient.host
Then, from the ssh connection, any X client application will see its X server as localhost:xx Nothing more that that. Simple. Done all the time.