• Eugenia@lemmy.ml
    ·
    4 months ago

    I actually agree with Linux Mint's decision. You cannot trust any random upload. Either it's an official/verified upload, or it shouldn't be there at all (or it should be a separate app for those who want it). That's why on my system, I only install from the official Debian repos and not the community ones. I just don't trust random anonymous uploaders.

  • Bitrot@lemmy.sdf.org
    ·
    4 months ago

    I appreciate the clear marking that something is unverified, but don’t think disabling by default is the right move. As others have mentioned, most of the software in the distribution is also unverified.

  • biribiri11@lemmy.ml
    ·
    4 months ago

    This is a great start, but tbh, I’m not fully sold on “verified” Flathub apps. Verification requires a token to be placed into a source repo or a website, but there appears to be nothing on actually verifying that the source/site are the original creators. So, for example, if someone packaged a malicious version of LibreWolf and established it under io.github.librewolf-community instead of the canonical io.gitlab.librewolf-community, I’m concerned it’ll still show as verified (though quickly removed). The process can be read about here.