Hey, first time poster here, very new (<1 month) to linux!
tl;dr: is it ok that a Flatpak saved images to /run/user/1000/doc/ or does it indicate that the Flatpak has access to something it shouldn’t have?
Background: I downloaded the Signal Flatpak from Flathub using the Software program. I have Flatseal set up for Signal without any file permissions granted.
Issue: When I downloaded some images from a Signal chat, I noticed that in addition to saving to Downloads (the location I chose), when I click “Show in folder” within the Signal Flatpak, it opens a /run/user/1000/doc/ location instead, where the images are also saved.
Research I’ve Done: This post seems to indicate that this location is a portal allowing apps to access places outside their sandbox. I’ve read the linked doc there and just want to make sure I understand.
The Actual Question: Initially, I was concerned by what seemed to be a Flatpak writing to a sensitive location it didn’t have permission to see, but can someone please confirm that this is expected behaviour, basically a designated place that the Flatpak can safely store images without actually being able to access anything else in my files?
Since there isn’t an “official” Flatpak for Signal, I’m just extra wary of unexpected behaviour from the app, and figured it was a good learning opportunity even if the concern is baseless. 
I couldn’t find any specific places where this question was asked aside from the post I linked above, apologies if I’ve missed something and thanks for your help!
I do have images with the steps to reproduce the “issue” if needed
My OS is Fedora Linux 43 (Workstation Edition)