The medium security level in lokkit blocks the X11 ports on 6000:6009, but it doesn't block VNC ports on 5800:5809 and 5900:5909. I'd hope it would, since a.) VNC is essentially a cleartext protocol, and b.) one can do more damage via VNC than via an unprotected X port.
We (Red Hat) should really try to fix this before next release.
Created attachment 92658 [details] Patch 1 to ipchains writer
Created attachment 92659 [details] Patch 2 to spec file to apply patch 1
Fixed differently in redhat-config-securitylevel-1.2.0-1.