The default setup for guests via the gui leaves them vulnerable to other users accessing the vnc server. IMHO THIS IS VERY BAD. I do not trust the other users on my system. They should not be able to reach my vnc server for a guest. As SDL will not even work for me with kvm ... "Error starting domain: operation failed: failed to retrieve chardev info in qemu with 'info chardev'" This means I am forced to use vnc... The gui will also not save my password etc. This is really not good...
Sorry this never received a response. I don't think we will change the default listen address any time soon, but there are several capabilities to lock it down further, and distros can always choose to change the default. There's more discussion in bug 1043919 *** This bug has been marked as a duplicate of bug 1043919 ***