and the proprietary one could have a blacklist for very bad packages.

The ability remains to filter if there is a package that is considered bad or malicious. The default is just changed to an allow list. Secondly, if there is a malicious package, it will probably be faster to contact Flathub and have them take action than to make a downstream update to block it.