If you’re on KDE using Discover for updates, the default on a lot of distros is to apply updates on reboot, but you can change this under the Software Update section of the System Settings app. I think it’s not a bad idea; I’d rather have a bit of controlled downtime than risk borking my system.
In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn’t support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green “safe” marker.
A lot of apps will always be “unsafe” because they do things that requires hardware access, though, so I could see them wanting something more nuanced.