I said I'm not using npm.
With my calculator flatpak, I only have to trust one person, and to a much lesser degree, because they declared that the calculator can't access my personal files to begin with. The same app in my distribution repository has full read-write access to all my user's files, network access and much more. So yeah, I trust it more.
Distribution maintainers are nothing but middlemen, who don't even audit the code they package, so there's nothing I gain from them.