Containerized applications are applications run in isolated packages of code
My main point is that a running AppImage isn’t isolated, it can access and modify any file that the user has the permission to. So theoretically, an AppImage could read and upload your ssh keys or put rm -rf ~ in your .bashrc.
A Flatpak app on the other hand needs to either declare specific permissions in its manifest if it wants to e.g. access your home directory or use xdg-desktop-portal to ask for a permission at runtime. This can help when running proprietary/untrusted software or if you want to control what a program can do and what not.
A more popular example are Android apps which are executed in a strict sandbox and need to ask for permission if they want to read your images, access your microphone etc.