@BrodieOnLinux@berkough right which is why part of the equation is developer verification, human review of app submissions and permission changes, and a more nuanced safety rating that takes into account network access—all the case with Flathub + GNOME.
Buuuut even then it seems like it would be easier not to promise safety, but to warn on more critical potential issues.