Flathub has hundreds of apps which are not sandboxed and untrustworthy. So, no source is safe, and even most “safe” apps are not protected from supply chain attacks. So, you always have to be careful. But I agree there are certainly degrees of safety, and the AUR is certainly another one, which should not be taken lightly.
That’s why you are supposed to check the PKGBUILD before installing anything from the AUR.