SharePoint list connected Flow and PowerApp creation security requirements need fixing
SharePoint list management permissions appear to be ignored by Flow. A user should not be able to create and save a flow connected to a list if they cannot create a standard workflow on that list. This could allow a user to hack around a standard workflow that is supposed to handle stages of approval, etc, by creating a flow to update fields.
A user without appropriate permissions to create a list form should not be able to create a PowerApp for a SharePoint list.
Dan C commented
No response to this security flaw and you are apparently launching this today?