IMO flatpak should assume untrusted too, unless it's a distro specific repository of strictly reviewed/controlled code (like Fedora Flatpak repo, etc).