I don't understand exactly what you mean by "this kind of response". If I sounded rude, please forgive me as English is not my first language, so I may have committed some unintended rudeness.
Let me try to make my point more clear. The scenario pointed by +Bloo Alien
is something like: you go to a random website, download and install a malicious calculator app flatpack. Then you said "sandboxed apps are secure". What I'm trying to say is that is similar to saying "an https connection is secure". One does not go to a random site, sees that it has a valid certificate and start throwing their personal life into it (hm.... wait.... :)). I think the same is also valid for sandboxing. Unless one audits the app, they cannot be sure the app is using the permissions they gave it the way it promises it does (the server part). Also, the sandbox will probably have its own share of security vulnerabilities (the webcam part).