Well, for one, Flatpak is a stupid design where the downloaded software gets to tell the system what if any sandboxing is applied. The way to have it be a security boundary is by enforcing the packaging :-(
You as a user can decide to install (or not) flatpaks based on their sandboxing settings, or even edit them with a tool like Flatseal. Which is a huge advancement compared to just allowing any binary to do any change in your system (with enough permissions of course).
Also, distributions can also provide their flatpak repos (or even another third party) and vet the packages with their own set of rules (such as "no packages with full filesystem access").