If you run X from startx on any ubuntu release through the current Dapper, and normally shut down the machine from within X, you'll accumulate large numbers of files in $HOME named .serverauth.????, one for each time you ever ran startx.
The problem: /usr/bin/startx creates a file called $HOME/.serverauth.$$, runs xinit, then removes the file. If startx exits ungracefully -- for instance, if the shutdown sequence sends it a kill signal (the script doesn't catch signals) -- the file will never be removed.
It's not clear to me what this serverauth code is doing anyway. gdm, kdm and xdm don't seem to use it at all; does startx really need it?
But if it does need it, why not use the existing XAUTHORITY code to set the filename (which apparently is what it used to use)? This XAUTHORITY block of code (defaulting to $HOME/.Xauthority unless previously set) appears to be a redundant way of setting the same filename; XAUTHORITY is set in the startx script and then it isn't used, either in startx itself or in anything else in /usr/bin or /etc/X11. From man xauth and from looking at the contents of the two files, it looks like they're the same file by two different names. Having XAUTHORITY set to a filename that isn't actually created is probably wrong, isn't it?
Just in case anyone's wondering, this bug is still there in feisty.
I still have to edit /usr/bin/startx on each new install if I don't want those .serverauth.???? files to pile up forever in my homedir.