I think the broader point is that it stops the user doing something they want to. Something they could still do with a camera.
The flag should secure it from other apps but the user screenshot tool should be able to override it. The cap framework should be able to do this, you just need to insulate the app itself to ensure only real people can use it.
I'd be happy to hear about an attack vector that compromises encrypted private OS storage on Android, but does not compromise the app's view hierarchy rendered by the same OS. FLAG_SECURE is just an OS flag though.
Because your sentence just sounds like a platitude without any thought behind it.