Yes, but distributions provide a security layer, as well as source repositories. With flathub, binaries with no source code are being packaged up (albeit with scripts), and the process of pushing updates is quite easy.
Not really, distributions do not check every piece of code that is packaged and distributed.
I just meant that centralising distribution does not make things specifically safe either. Some form of audit over flathub would be nice though, but I personally much prefer projects open to community contributions.
It looks a lot like they are auditing what gets included very tightly. On the other hand, Flathub is all about convenience, and while I get where they're coming from, they've already shot themselves in the foot when it comes to credibility by allowing third parties to package binaries. If the sandboxes that flatpaks run in were really impenetrable, that'd matter much less, but they're not.