I don’t remember anything about flathub, but the Ubuntu snap store had some malware a while ago

https://www.linuxuprising.com/2018/05/malware-found-in-ubuntu-snap-store.html?m=1

use flatseal to restrict access helps if worried

They aren’t inherently safe. I don’t have any examples of Flatpak packages off FlatHub being poisoned, but FlatHub does allow “community” maintained packages - as in, someone unaffiliated with the development team of an app packages and publishes the app to FlatHub. That would seem to be a really good place to get into a supply chain if you were a bar actor.

deleted by creator

Flathub is likely safer than most other places to get flatpaks from, certainly safer than just some random repo you find on some guy’s website somewhere, but no software source is guaranteed to be 100% safe.

No, they are not always safe.

Be picky about what you install, and vigilant about permissions.

Not 100%, it’s not very hard to push packages to Flathub.

The general community is probably going to catch any issues that pop up extremely quickly. Like my main machines are all on whitelist firewalls residing on external devices. If any software tries to make odd connections, the connections will get dropped and logged. I wouldn’t hesitate to report anything odd. I don’t run sketchy proprietary junk for the most part.

I think so. In some cases the flatpaks are prepared by the developers themselves. This isn’t in itself a sign of trustworthiness, but if a dev were to sneak malicious code in somewhere and it were found out… Well, the internet is the courtroom, and the public the jury, right?

But, it is a piece of software, and you never know what one little dependency can do. Same can be said about repos.

Yes. Flathub aims to replace your distro’s repository as the source for non-system packages.