I think the main reason why the implementation is insecure by default is simply because when it started most applications did not use portals and many portals we have today did not exist. You had to poke holes in the sandbox to make anything work cause all applications expected to run unconstrained. In the future as more apps become flatpak aware this should stop being an issue.