There are portals (https://docs.flatpak.org/en/latest/desktop-integration.html#portals). They allow secure access to many features. Also, any Flatpak app still has access to a private app-specific filesystem, just not to the host.
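As an added illustration of the point about host versus app-private filesystem access (this is example code, not part of the comment above and not a Flatpak project tool): the script below reads the key-file text that `flatpak info --show-permissions <app-id>` prints, pulls the `filesystems=` entries out of its `[Context]` section, and flags the grants that reach outside the app's private sandbox (`host`, `host-os`, `host-etc`, `home`, with or without a `:ro`/`:rw`/`:create` suffix). The sample dump and the app id `org.example.App` are constructed for the demo.

```sh
#!/bin/sh
# Added example: audit the filesystems= grants in a Flatpak permission dump.
# Input is assumed to be the key-file output of
#   flatpak info --show-permissions <app-id>
# saved to a file. Only the [Context] section is inspected.

# Print the value of filesystems= from [Context]; prints nothing if absent.
flatpak_filesystems() {
    # $1: path to a permissions dump
    awk -F= '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && $1 == "filesystems" { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Return 0 when every grant stays app-private (xdg-download, xdg-pictures:ro,
# explicit paths), 1 when any grant exposes the host or the whole home.
flatpak_private_fs() {
    fs=$(flatpak_filesystems "$1")
    broad=0
    oldifs=$IFS
    IFS=';'
    for entry in $fs; do
        [ -n "$entry" ] || continue
        case "$entry" in
            "!"*) continue ;;            # negated entry is an explicit denial
        esac
        base=${entry%%:*}                # drop :ro / :rw / :create suffix
        case "$base" in
            host|host-os|host-etc|home)
                echo "broad filesystem grant: $entry" >&2
                broad=1 ;;
        esac
    done
    IFS=$oldifs
    return $broad
}

# Demo on a constructed dump (not captured from a real app).
sample=$(mktemp)
printf '[Application]\nname=org.example.App\n\n[Context]\nshared=network;\nfilesystems=host;xdg-download;\n' > "$sample"
if flatpak_private_fs "$sample"; then
    echo "org.example.App: filesystem access is app-private"
else
    # Tighten it per user without touching the app's own manifest:
    echo "org.example.App: run: flatpak override --user --nofilesystem=host org.example.App"
fi
rm -f "$sample"
```

`flatpak override --user --nofilesystem=host <app-id>` writes the denial to `~/.local/share/flatpak/overrides/<app-id>`, so the app keeps its private data directory and portal-mediated file access while losing the blanket host grant; rerun the audit afterwards on a fresh `flatpak info --show-permissions` dump to confirm.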
It doesn't work for all applications, but for many, sandboxing is possible without a loss of features.
The system tray is the one thing I need, to see whether email/Steam/chat is running and if there are new messages. Otherwise GNOME works great for me.