Attacker will steal your browser cookie the same way it does without flatpak.
If you have poor security hygiene and bad habits, flatpak nor anything else will save you.
if yoy fuck over with the default package manager, the attacker has your system, if you fuck over with flatpak, they have your browser cookie, my point still stand
sure, nothing beats good security hygiene and habits, but another security layer(plus others flatpak benefits) are a good thing
What you are describing here is fase feeling of security. Many flatpaks have access to your home dir by default. This is already security flushed down the toilet.
Browser is the biggest attack vector nowadays and this is where your accounts reside. Worrying about package manager while not giving a shit sbout bank account seems out of place.