Basically you install the application inside a little OS with dependencies each time you install a flatpak, that OS is rarely updated with security patches and most of the time has full access to the host OS. flatkill.org
This is a lazy and insecure way of distributing applications with no real benefits.