These are the "cookies" of the X client to allow connection to the X server (displays). It's very clearly explained in the wiki:

xauth is a mechanism for enforcing access controls on X servers
(displays). When an X server is started, it is given a
randomly-generated "cookie". This cookie is written to a file owned
and readable by the user whose session the X server is running. No
other users can read that file. When an X client (application) is
started, it attempts to read and use the cookie to authenticate itself
with the server. If this "xauth" authentication fails, the application
is not allowed to connect to the server and show windows on the X
display.

The command

$ xauth list

will show the cookies available to the current session:

selene/unix:0  MIT-MAGIC-COOKIE-1  c2438e7c2858f142e0b81d6b4fe3867b

localhost.localdomain/unix:0  MIT-MAGIC-COOKIE-1 

c2438e7c2858f142e0b81d6b4fe3867b

Traditionally, the location for each users' cookies has been
~/.Xauthority: the X server writes its cookies to that file as it
starts up, and xauth (and other X clients) look in that file for
authentication cookies.

Source: https://wiki.ubuntu.com/RemoteXHowTo

And as is shown here, it seems that is a bug of lightdm that doesn't remove the old cookies and pollutes the /home directory.

https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023

In fact, I have this problem as you and also with .goutputstream files as is shown in this other bug:

https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/984785

Then yes, you can delete them because if you don't have a cookie to connect to a X server, you are going to create one new.