Flatpak apps that bypass the sandbox still has sandbox emblem
Various flatpak apps bypass the sandbox in various ways with different degrees of severity, some e.g. theoretically allowing themselves to secretly scrap the screen content, or impersonate a system component. The permission to do so is part of their flatpak manifest, e.g. it opens up access to org.gnome.Shell
or org.gnome.Shell.Screenshot
which both allow full or partial sandbox bypass.
Showing such applications as "Sandboxed" gives a false sense of security, as they in practice are in fact not sandboxed, but make use of flatpak for features other the security aspect of sandboxing itself.