So now we're blaming developers for messing up with sandboxed systems? I really hope this isn't the rhetoric you use to convince people to start packaging with Flatpak...
You're the only one assigning blame to anyone here. Not all problems need a villain.
Both of these things can be true at the same time: The library authors ultimately messed it up and could have prevented it by reading documentation better. Flatpak has a footgun and could have prevented it by better dev UX and/or structuring docs differently.
Hopefully this incident is leading to improvements in both.
