Currently, the Fedora default is no Flathub at all, AFAIK. At least in Kinoite, without the custom GNOME setup dialog.
These Fedora Flatpaks are probably very secure. Problem: they are not official, and some packages cannot work, like video players and browsers.
So in the end, users need RPM Fusion, or they need to add Flathub; the best UX is to remove the Fedora Flatpaks at the same time, to automatically get the correct Firefox, for example, and also to remove the Fedora runtimes and reduce RAM usage.
Now you have Flathub, unfiltered, some apps verified, some just random apps from any random person, which can be a problem, as we saw in the Snap cases with malware spread there.
I can imagine this should be solved upstream, via a flathub and a flathub_unofficial repo, where the official ones are the ones made by verified original developers.
But then there are exceptions, like secure, well-maintained, well-known, established apps, like Bitwarden, VLC and so on, where the upstream developers are not responding to any feature requests and have no idea about Flatpak.
This would lead me to think that a list of approved apps would make sense. Then there could be two repos, or configurations of the one repo, or however it is done, where you can opt in to the untested apps, but the rest is “Fedora Community verified”.
This would not mean you have no apps available anymore, but a secure system where all apps are checked prior to just appearing there. Many lack good isolation from the system, may be phishing, etc. I can imagine that the Flathub community manages the apps well, but I am not too sure.
What do you think?
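The "configuration of the one repo" variant described in the post can be modelled with Flatpak's per-remote filter (`flatpak remote-modify --filter`). The script below is an added example, not the poster's or Fedora's code; it assumes the filter file format is one `allow PATTERN` or `deny PATTERN` rule per line, and the two app IDs in the test are only illustrative allowlist entries.

```sh
#!/bin/sh
# Added example: build and sanity-check an allowlist filter for the Flathub remote.
# Assumption: filter syntax is one "allow PATTERN" / "deny PATTERN" per line
# (check `man flatpak-remote-modify` on your release before relying on it).

# write_filter FILE APPID... : deny every ref, then allow the reviewed app IDs.
write_filter() {
  out=$1
  shift
  {
    echo "# generated allowlist: everything not listed below is hidden"
    echo "deny *"
    for appid in "$@"; do
      echo "allow app/$appid"
    done
  } > "$out"
}

# count_allows FILE : number of allow rules, for a quick review before applying.
count_allows() {
  grep -c '^allow ' "$1"
}

# validate_filter FILE : succeed only if every non-blank, non-comment line is
# a well-formed allow/deny rule with exactly one pattern.
validate_filter() {
  ! grep -Ev '^(allow|deny) [^[:space:]]+$|^#|^$' "$1" > /dev/null
}

# apply_filter FILE : add Flathub if missing and attach the filter to it.
# Not invoked automatically; requires flatpak and privileges for the system remote.
apply_filter() {
  flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  flatpak remote-modify --filter="$1" flathub
}
```

Removing the filter again (`flatpak remote-modify --no-filter flathub`) is the "opt in to the untested apps" step; the allowlist file itself is the part a community review process would maintain.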