If you look at the manifest file in the link at the bottom of the page you can see the source and binary files used to create the unverified applications. This is very reassuring (I haven’t seen anything suspicious, dependencies are from the official domains you expect and the program themselves are from the official github or official domain) but it is time consuming.
What do you think of my idea?
Edit: Showing a list of source and binary files (the URLs) on the Flathub page. And verifying/being clear if there from binaries or source.