Also there's something to be said for security through obscurity. My bet is I could go through my entire junk mail folder opening all attachments on Linux without a problem, but it'd take me less than 10 on Windows to be fully owned. If you're careful on Linux, aren't you far, far safer than if you're careful on Windows?
Almost all popular applications on Flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more). This effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.
This includes Gimp, VSCode, PyCharm, Octave, Inkscape, Steam, Audacity, VLC, ...
To make matters worse, the users are misled to believe the apps run sandboxed. For all these apps flatpak shows a reassuring "sandbox" icon when installing the app (things do not get much better even when installing in the command line - you need to know flatpak internals to understand the warnings).
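A defender-side check for the permission problem described in the comment above, added here as an illustration and not part of the thread: a small Python audit that parses the keyfile-style text printed by `flatpak info --show-permissions <app>` and flags the broad grants named above (filesystem=host, filesystem=home, device=all), while treating a `:ro` suffix as not writable. The two sample dumps are constructed for the example and are not taken from any real Flathub app; `audit_installed()` is a hypothetical helper that only works on a machine with flatpak installed.

```python
"""Audit flatpak permission dumps for broad home-directory write access.

Hypothetical helper for this thread. The SAMPLE_* strings below are
constructed to look like `flatpak info --show-permissions <app>` output
(a keyfile with a [Context] group); they are not real app metadata.
"""
import configparser
import subprocess  # used only by audit_installed(), which needs flatpak present

# Grants that hand an app write access to the user's home (or the whole host),
# which is what the comment above calls "escaping the sandbox".
BROAD_FILESYSTEMS = {"host", "home"}
BROAD_DEVICES = {"all"}

# Constructed sample: typical "big desktop app" manifest with host access.
SAMPLE_BROAD = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-config/kdeglobals:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

# Constructed sample: home is read-only, only the Downloads folder is writable.
SAMPLE_TIGHT = """\
[Context]
shared=network;
sockets=wayland;
devices=dri;
filesystems=home:ro;xdg-download;
"""


def parse_permissions(text: str) -> dict:
    """Parse a permissions dump into {group: {key: [values]}}.

    Values are ';'-separated lists in flatpak metadata; empty trailing
    items (from the trailing ';') are dropped.
    """
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case, e.g. D-Bus names in bus policy groups
    cp.read_string(text)
    return {
        group: {k: [v for v in val.split(";") if v] for k, val in cp[group].items()}
        for group in cp.sections()
    }


def writable_filesystems(perms: dict) -> list:
    """Return broad filesystem grants that are writable (':ro' exempts them)."""
    found = []
    for entry in perms.get("Context", {}).get("filesystems", []):
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS and mode != "ro":
            found.append(entry)
    return found


def audit(perms: dict) -> list:
    """Return human-readable findings; an empty list means no broad grant."""
    findings = []
    for fs in writable_filesystems(perms):
        findings.append(
            f"filesystems={fs}: writable access to the user's home (covers ~/.bashrc)"
        )
    for dev in perms.get("Context", {}).get("devices", []):
        if dev in BROAD_DEVICES:
            findings.append(f"devices={dev}: access to every device node")
    return findings


def audit_installed() -> dict:
    """Run the audit over every installed app (requires the flatpak CLI)."""
    apps = subprocess.run(
        ["flatpak", "list", "--app", "--columns=application"],
        capture_output=True, text=True, check=True,
    ).stdout.split()
    report = {}
    for app in apps:
        dump = subprocess.run(
            ["flatpak", "info", "--show-permissions", app],
            capture_output=True, text=True, check=True,
        ).stdout
        report[app] = audit(parse_permissions(dump))
    return report


if __name__ == "__main__":
    for name, sample in (("broad", SAMPLE_BROAD), ("tight", SAMPLE_TIGHT)):
        print(name, audit(parse_permissions(sample)) or ["ok"])
```

For an app the audit flags, the grant can be narrowed per user without changing the package: `flatpak override --user --nofilesystem=home <app>` removes home write access, and the override can be checked again with the same `flatpak info --show-permissions` dump (overrides are reported in `flatpak override --user --show <app>`). Apps that genuinely need to read the home directory can often be given `--filesystem=home:ro` instead, which this audit deliberately does not flag.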
And given that the version of Fedora I use is immutable and even I have a hard time messing with it to the point of pain/exploit with full access to the system (and I've tried for fun in VMs) I feel like a trusted flatpak app I download from a trusted source is going to have a damn near impossible time doing much of anything. While I feel like a simple website hack that serves me a bad .exe could/would cripple every single file it can find on my network on a Windows machine.
As for immutable distros, AFAIK Silverblue and others are immutable in the sense of package management, but there is actually no process to ensure the integrity of the full boot chain because the initrd can be trivially modified by the host and is unsigned. There is a UKI (Unified Kernel Image) proposal that will likely be the path going forward (at least in the Red Hat world), but I think it's still years away.
In my opinion, if you want to use Linux desktop securely, just use Qubes.