Especially since they don’t talk about how they secure the local data
They don’t because they don’t
All the data you import is indexed in a SQLite database and stored on disk organized by date, without obfuscation or anything complicated.
Probably because this is still in early alpha and “the schema is still changing”.
Define “sandboxed”
Application can only access a limited part of the system? = use Flatpak or build a container/VM image using the Nix pkgs.
Application can be uninstalled completely and has separate libraries? I prefer Nix.