If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
As a maintainer of another unofficial flatpak:
You can always check the source code of the flatpak (code that downloads the dev then runs it inside the flatpak sandbox) here: https://github.com/flathub/org.signal.Signal
Any of the current maintainers could add malicious code, but that would ruin their GitHub & by proxy:Twitter,LinkedIn credibility.
Flathub have final say on what is built and hosted on their flatpak repository (Flathub != Flatpak) and are able to remove versions at will.
I'm not a developer so I can't really check myself
I just read through the unofficial Flathub Flatpak for Signal and it is very simple. It fetches the .deb from Signal's website, installs it in the sandbox, and uses a launcher script to tell the OS some basic toggles like should it start minimized or should it display a tray icon. In the script it makes use of zypak, which to my understanding is to tell electron (chromium) to allow sandboxing to be handled by Flatpak. Here is the repo and the build instructions is the .yaml file.