Hello,
SourceForge was abandonned because of malwares distribution: A hotbed of malware: Another blow for SourceForge as Google discovers 588 pages with malicious software - Information Age
I suggest a new feature on Flathub website: adding a ClamAV or better, a VirusTotal scan report for each Flatpak app. There are sometimes viruses in Linux apps: Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack | WeLiveSecurity
ClamAV: https://www.clamav.net/
VirusTotal: https://virustotal.com