a lot of apps on the flathub website say “Unverified”
Those are usually either wrappers for proprietary stuff, for example the Chrome flatpak is unverified because it’s not from Google themselves but rather somebody grabbing the official deb/rpm and rebuilding it into a flatpak (this is also how a lot of e.g. AUR packages on Arch work, basically), or open source stuff for which the dev/packager simply didn’t care enough to do the verification stuff that Flathub wants you to do (doesn’t actually seem that hard, but one might simply not have been aware of it or something).
Don’t recall people particularly complaining about the unverified badges before Mint started hiding unverified flatpaks by default, though; suddenly after that “everybody” started noticing them.
I had a 128GB USB “3.0” (one of the cheaper ones so might have actually be slower than 2.x max speeds) stick fail on me right after installing Mint onto it and booting into it once or twice, so yes this is indeed a thing that can happen