I agree, and that's unfortunate, but I value it far less than I value the integrity of my computer and the data on it.
Steam itself has an interesting "Linux runtime" option for games, but it is unclear if that isolates things more than the status quo.
I don't know what I could do, short of replacing every executable in the steam directory with something that uses a mount namespace or a similar restrictive mechanism before launching the actual executable. Inject a modified libc to perform this on steam's exec call? I think the ball is in Valve's camp to improve this.
If flatpak works perfectly, I suppose an attacker could still steal the "cookie" that automatically logs you into Steam.
Ideally you want Steam to be sandboxed, and then Steam to in turn run all the games in individual sandboxes.