As mentioned by others, I think the question boils down to "can I trust Flatpak as an entity providing software?"
Flatpak "Security Issues"
Barring any severe, currently unknown vulnerabilities in Flatpak itself (e.g. privesc), those linked "issues" with Flatpak don't seem to apply to your concerns, and can be debunked.
- Many Flatpak apps have filesystem write permission
- Most Flatpak apps do not run in a sandbox
Yes, unless you are using precisely configured SELinux or AppArmor profiles, all of your apps built/installed from source or through the package manager have these issues as well.
- Slow/no critical security updates to apps and runtimes
Depends on who provides/maintains the application. No different than many regular projects and sometimes even distributions.
Since your concern seems to be regarding the integrity of the app itself, I do not believe that these issues apply.
Can you trust GnuCash provided by Flatpak?
I think that this is the core of the question. My answer is very similar to your first provided AskUbuntu link.
Since the Flatpak is linked to from GnuCash's website, it seems to be more or less official, plus the developer is listed as "GnuCash Project". In theory, the code running in the Flatpak image should be nearly the same as that in the official releases. The build process is fairly open; you can see how GnuCash is packaged on GitHub.
This is assuming that Flatpak/Flathub is not malicious (or compromised). I suppose if you wanted, you could verify that the binaries inside the package match "trusted" ones, but it may be quite an undertaking. Entities like Flatpak are likely under a lot of scrutiny from the community, so any major mistakes (especially for a project like GnuCash) will likely not go unnoticed.
But, the question "can I trust vendor XYZ" cannot be answered definitively. We make this decision every time we download software from anywhere.
TL;DR: It is ultimately up to you what software/vendors you trust, but I see no issue with using GnuCash provided through Flatpak.
