and the proprietary one could have a blacklist for very bad packages.
The ability remains to filter if there is a package that is considered bad
or malicous. The default is just changed to an allow list. Secondly if
there is a malicious package, it will probably be faster to contact flathub
and have them take action that make a downstream update to block it.