brent A Flatpak is a package, designed to be self-contained, an application wrapped with all required runtimes, libraries, dependencies, and everything else needed to run the application in an isolated environment. In theory, the wrapped application is not changed at all by wrapping, nor is the application distributed in the sense that licensing restrictions are violated by redistribution. Wrapping is what allows Flatpak developers to wrap applications like Microsoft Edge, which is highly proprietary, without violating proprietary licenses.
I think that it would be helpful for you to do a little reading about what Flatpaks are and how Flatpaks are built. A good place to start would be Flatpak's official documentation. Read the introductory information ("Introduction to Flatpak", "Getting Started", and "Building") to gain a fair understanding of Flatpak architecture.
Flatpak architecture is designed for isolation, but security vulnerabilities exist and can, of course, be exploited by the unscrupulous. Nothing new in that, and a user's basic defense is to research and understand the developer's reputation and track record.
I am careful when deciding whether or not to install a Flatpak, just as I am careful when deciding whether or not to install a package, including packages in our own Solus repository. To my mind, Flatpaks are less likely to introduce malware because (a) Flatpaks don't alter system dependencies, libraries and so on, and (b) Flatpaks are designed to run in isolation, somewhat apart and aside from the system.
Doesn't change my cautious approach, though. To play on an old adage, "Think thrice, check twice, install once."
Axios But in today's world nothing is for sure.
Exactly.