The X server on my Mabox is running as root although it is highly recommended for security that it is not. Therefore every vulnerability in X can have really bad consequences.
For instance, output from ps command:
Thanks Tomek. I managed to sort it out quite easily with the help above. I chose not to run a login manager and just followed instructions and added my own .xinitrc file. This file overrides the template xinitrc which of course does not start the openbox-session. X now running as non-root user.