I am using both of them without any problem.
The main advantage of Flatpaks (and things like AppImage) is that you have a single “executable” with everything you need, and sometimes that is useful even if the software is open source but the build dependencies are a nightmare. Subsurface (a dive log software) is an example.
If the AUR package is a simple build (or a binary which is a converted package) then go for it. If you need to start building a lot of additional packages from AUR to meet the dependencies, then I would suggest, in order, to look for the Flatpak (or AppImage) package or to install a helper to build the packages.
It is not that simple.
For hardware attacks, older hardware is probably safe since the attacks are specific to some newer features. I really doubt you can deliver a Spectre attack on anything up until the Pentium or even later.
On the software side, there could be some security bugs to which some older versions could be vulnerable since the vulnerable code was not there at the time. Granted, there could be some security bugs that were not yet discovered in older codebases.