In general, SELinux profiles use Mandatory Access Control, and not Discretionary Access Control. However, most desktop users find it difficult to understand, and often have bigger problems from reading silly posts off the web.

An outdated old package library relies on people understanding/tracking the complete OS scope of dependencies, and that is infeasible for a small team.

If someone wants in... they will get in eventually... but faster on a NERF'd Arch install. =3

>most desktop users find it difficult to understand, and often have bigger problems

That is exactly the strong point of flatpaks. It's a lot easier to use toggle in a GUI for permissions than write whole new profiles. Not to mention that many even disable selinux because it is difficult.

>An outdated old package library relies on people understanding/tracking the complete OS

It takes 0 understanding to copy paste a outdated package warning and report that to the repo listed in flathub. It explicitly tells you as much.