I don’t remember anything about flathub, but the Ubuntu snap store had some malware a while ago

https://www.linuxuprising.com/2018/05/malware-found-in-ubuntu-snap-store.html?m=1

deleted by creator

They aren’t inherently safe. I don’t have any examples of Flatpak packages off FlatHub being poisoned, but FlatHub does allow “community” maintained packages - as in, someone unaffiliated with the development team of an app packages and publishes the app to FlatHub. That would seem to be a really good place to get into a supply chain if you were a bar actor.

No, they are not always safe.

Be picky about what you install, and vigilant about permissions.

Flathub is likely safer than most other places to get flatpaks from, certainly safer than just some random repo you find on some guy’s website somewhere, but no software source is guaranteed to be 100% safe.

At https://blog.frehi.be/2023/04/23/the-security-risks-of-flathub/ someone has published an article about Flathub in which he addresses a few problems.

Therefore, the answer is that Flathub is not always safe to use. However, I do not know of any package source that is always safe to use. Is Flathub more insecure than other package sources? I can’t answer that because I don’t use solutions like Flatpak, AppImage etc. myself.

Not 100%, it’s not very hard to push packages to Flathub.

deleted by creator

The general community is probably going to catch any issues that pop up extremely quickly. Like my main machines are all on whitelist firewalls residing on external devices. If any software tries to make odd connections, the connections will get dropped and logged. I wouldn’t hesitate to report anything odd. I don’t run sketchy proprietary junk for the most part.

Yes. Flathub aims to replace your distro’s repository as the source for non-system packages.