Distro maintainers are a lot better about keeping libraries up-to-date than random application developers. They will even patch applications to work on newer libraries, even when the app developers do not.
There's also auditability. If e.g. OpenSSL (or some other library) gets a high rated CVE and Debian ships a same-day patch, I know I am safe. I can verify that I have installed the patched version, and I know my applications use that patched version. Not with flatpak. Now I'm at the mercy of a dozen app developers, many of which probably value security less than the Debian Security team.
IMHO it's a mistake for Fedora to drop its own packages for flatpak. But Fedora appears just to be a RedHat experiments playground these days, not a user focussed distro.
Don't get me wrong, Flatpak is fine if you want to install stuff from Joe Random Developer off the internet, but I trust the Debian maintainers a whole lot more. If they ship it, i can trust it.