Are actually Bottles secure?

No, not at all. Bottles just helps you setting up different environments for running programs with Wine. They are not sandboxed in any way. The only thing they do is tell Wine "use this folder as the Windows-C-Drive". And by default the whole root system is exposed as Z to the Wine environment (with the usual Linux permissions). And even if the root drive were not exposed there are not any mechanisms in Wine to prevent a malware from gaining access.

Most malware is written for Windows, especially when it's distributed as a Windows executable. (Almost) no Windows malware targets Wine specifically. However, Wine on its own is not a sandboxing tool, and Windows ransomware will ruin your day.

Bottles does two things for security:

1. Separate wineprefixes
2. Being a flatpak

By separating wineprefixes, as long as the host filesystem is not directly exposed (which iirc is default for bottles), any malware not written with Wine in mind will only affect its own "bottle".

By being a flatpak, even if some Windows malware specifically targets Wine, it would still have to escape the flatpak sandbox for elevated permissions. If the bottles flatpak has no access to personal files, "Wine-aware" malware won't either.

Although malware can still do damage, even in its own sandbox. For example, botnet type malware would still function. The host system is "safe", but the damage can still be done externally. Usually application-defined "autostarting" of applications is broken under Wine (iirc), which means all non "Wine-aware" malware will only start when an infected windows application is started in bottles.

Any sandbox will eventually be escaped, and malware sophisticated enough will be able to get access to everything on the host system. The chances of running into malware like this in the wild are extremely small.

• Is it fully secure? No.
• Is your virtual Windows environment safe? No.
• Are other "bottles" safe? Likely, as long as the malware isn't aware of Wine.
• Is your Linux host safe? Most likely, depending on your flatpak settings. (and the malware has to specifically target Wine under Flatpak).

As others have said, no it's not really secure.

But you could always use something like Firejail or Bubblejail to properly sandbox your applications. Also, using technologies like SELinux or AppArmor helps improve your security profile and could protect you against unknown/future exploits.

But most importantly, the best security measure you can take is keeping your system up-to-date, especially kernel updates. Unfortunately, if you're using some small-time distro, they may not update frequently or may not be as quick to respond to security incidents. Even some old-time reputable distros have been pretty bad at updating, like Linux Mint for example.

Also, consider using an immutable distro for added security, preferably one which has SELinux enabled and configured out-of-the-box, such as Bazzite.

Huh? Why do you compare bottles, which is a way of simplifying running windows applications via wine, with flatpaks which contains native linux applications?