I am well aware of the weak points of Flatpak. But are you suggesting that running applications in a container is not more secure than running an executable completely naked?
You see: If you want absolute security, for sure, go for a full-fledged VM! Or run something like QubesOS. It is a completely reasonable decision.
However, malice certainly has degrees, and the "mildly malicious" programs most likely cannot take advantage of sandbox escaping exploits. If Flatpak can stop 95% of all attacks (relative to running a program completely without sandboxing), that is already a win in my book.
But I will note again that X11 is a big hole (as in, almost a complete free-for-all) for sandbox escaping in Flatpak.
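The X11 hole the post describes is a per-app permission, so the practical check is which installed apps hold the plain `x11` socket. The script below is an added example, not code from the thread; it assumes the `sockets=` line format that `flatpak info --show-permissions` prints, and the two sample permission blocks are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find Flatpak apps that hold the X11
# socket, the permission the post above singles out as the sandbox hole.
# Assumption: input is the [Context] block that `flatpak info
# --show-permissions APP` prints, e.g. "sockets=x11;pulseaudio;".

# Return 0 when a permission block grants a direct "x11" socket, else 1.
# "fallback-x11" is deliberately not matched: it only takes effect when
# no Wayland display is available, so the sandbox holds under Wayland.
x11_exposed() {
    for sock in $(printf '%s\n' "$1" | sed -n 's/^sockets=//p' | tr ';' ' '); do
        [ "$sock" = "x11" ] && return 0
    done
    return 1
}

# Print the finding and the override that removes the direct socket.
report() {
    app="$1"; perms="$2"
    if x11_exposed "$perms"; then
        echo "$app: x11 socket granted; the X server provides no isolation"
        echo "  mitigation: flatpak override --user --nosocket=x11 --socket=fallback-x11 $app"
    else
        echo "$app: no direct x11 socket"
    fi
}

# Audit every installed app (only meaningful on a host with flatpak).
audit_installed() {
    flatpak list --app --columns=application | while read -r app; do
        report "$app" "$(flatpak info --show-permissions "$app")"
    done
}

# Constructed sample permission blocks, not taken from real apps.
SAMPLE_X11='[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
filesystems=host;'
SAMPLE_WAYLAND='[Context]
sockets=wayland;fallback-x11;'

report "org.example.X11App" "$SAMPLE_X11"
report "org.example.WaylandApp" "$SAMPLE_WAYLAND"
if command -v flatpak >/dev/null 2>&1; then audit_installed; fi
```

Apps that only need X11 as a fallback keep working after the override, because `fallback-x11` still grants the socket when no Wayland display is present.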
You seem to think a lot of things that aren't security boundaries are security boundaries. There have been VM escapes too. VMs are not for running untrusted OS images you get from end users.