MPlayer 1.5 Released To Advance This Open-Source Video Player

  • #11
    Originally posted by uid313 View Post
    I want my media player to be contained in a Snap or a Flatpak package and run confined, also maybe use things like seccomp or AppArmor.
    And I want snapd to run in a Flatpak and flatpaks to run inside snaps. You know, for added security.
    Wth does any of that have to do with a new mplayer release?



    • #12
      Originally posted by RahulSundaram View Post

      On the contrary, the bar for what is considered best practice from software developers has continued to rise and there is now a lot more recognition of the security risks and media players are getting better with time in supporting hardening features and the ecosystem around it has improved to support a number of mitigation efforts. If it requires a whole lot of extra effort from users, it should be considered a bug given that most users aren't going out of their way to be security conscious and it would be unrealistic to ever expect that to change.
      As an end-user I'd give that more likes if I could. I wish more distributions had security in mind.

      The only time I care about getting all the performance is when gaming. With modern hardware "all the performance" is relatively meaningless...by modern I mean a Zen/Skylake CPU with a 570/1050 ti or better GPU....by meaningless I mean that they all do HD with high frame rates. With that in mind: better to err on the side of caution.



      • #13
        Originally posted by uid313 View Post
        "WARNING: THIS SNAP IS UNMAINTAINED. CONTACT ME IF YOU WISH TO MAINTAIN IT."
        "Last updated: 3 August 2017"
        I can vouch for the Flatpak one. In my case, my media player setup is:
        1. Install Kubuntu Linux
        2. Rip out snappy, transplant the APT rule from Linux Mint that keeps it from coming back, and install Flatpak from the PPA and the KDE Discover plugin (for updates)
        3. Install io.mpv.Mpv via the flatpak install CLI command so I see a "Do these permissions look good?" prompt that's missing from the GNOME Software and KDE Discover plugins.
        4. Install Flatseal (for convenience over the included CLI), turn off network access for MPV, replace device=all ("All devices (e.g. webcam)") with device=dri ("GPU acceleration"), and set filesystem access to host:ro (Everything, but read-only) so more complex EDL file and subtitle situations can still work without waiting for them to hammer out a design for an XDG portal that allows access to neighbouring files.
        5. Run my proof-of-concept script to re-introduce wrappers that allow Flatpak-installed apps to be launched in a terminal via their usual command names. (These wrappers also use --file-forwarding, so, if you don't need EDLs or subtitle files or playlists, you can remove host:ro and it'll still work by having Flatpak grant access to the files you specify on the command-line on-the-fly. You need my proof-of-concept script because the Flatpak developers have declared managing collisions when not using reverse-DNS command names to be out-of-scope. Mine can ignore that because, as a proof-of-concept, it can say "I trust the user will be prescient enough to never install two packages which expose the same command name".)
        Last edited by ssokolow; 01 March 2022, 12:15 PM.
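
The Flatseal changes from step 4 of the post above, written as `flatpak override` options, with a check of the resulting `[Context]` permissions. This is an added example, not part of the original post and not the poster's proof-of-concept script. It assumes a per-user override and treats any filesystem grant without `:ro` as a finding; the sample permission text is constructed.

```shell
#!/bin/sh
APP=io.mpv.Mpv

# Apply the policy from the post: no network, GPU only, host read-only.
# Assumption: per-user override (~/.local/share/flatpak/overrides/$APP).
apply_mpv_policy() {
    flatpak override --user \
        --unshare=network \
        --nodevice=all --device=dri \
        --filesystem=host:ro \
        "$APP"
}

# Audit keyfile text on stdin (an override file, or the output of
# `flatpak info --show-permissions "$APP"`).
# Prints one line per deviation from the policy; returns 1 if any were found.
audit_permissions() {
    awk -F= '
        BEGIN { bad = 0 }
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        !in_ctx { next }
        {
            n = split($2, items, ";")
            for (i = 1; i <= n; i++) {
                v = items[i]
                if (v == "" || v ~ /^!/) continue   # empty or negated entry
                if ($1 == "shared" && v == "network") {
                    print "network access is granted"; bad = 1
                }
                if ($1 == "devices" && v == "all") {
                    print "devices=all (includes webcam); expected dri"; bad = 1
                }
                if ($1 == "filesystems" && v !~ /:ro$/) {
                    print "writable filesystem grant: " v; bad = 1
                }
            }
        }
        END { exit bad }
    '
}

# Constructed samples: permissive defaults vs. the tightened result.
SAMPLE_LOOSE='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-run/pipewire-0:ro;'
SAMPLE_TIGHT='[Context]
shared=ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host:ro;'
```

Run `apply_mpv_policy` once, then pipe the app's permissions into `audit_permissions`; an empty result with exit status 0 means the three settings from the post are in place.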



        • #14
          Originally posted by uid313 View Post
          "WARNING: THIS SNAP IS UNMAINTAINED. CONTACT ME IF YOU WISH TO MAINTAIN IT."
          "Last updated: 3 August 2017"
          So you use the one from Flatpak, which he also provided, but you willfully ignored.



          • #15
            I would assume that if there would be widespread hacks via video files played on players we would know about it? Sounds a bit to me like the story that China placed some microscopic chips inside some IT Hardware, which seems not to have happened in the case they talked about in the end.



            • #16
              Originally posted by uid313 View Post
              I want my media player to be contained in a Snap or a Flatpak package and run confined, also maybe use things like seccomp or AppArmor.
              You would have to get your hands dirty but Firejail is a better solution than Snap/Flatpak/chroot and still easier than AppArmor/SELinux.

              I found profiles for MPV and VLC but didn't see anything about mplayer in my quick search results.

              Tight Firejail profiles. Contribute to chiraag-nataraj/firejail-profiles development by creating an account on GitHub.

              Linux namespaces and seccomp-bpf sandbox. Contribute to netblue30/firejail development by creating an account on GitHub.



              • #17
                Originally posted by uid313 View Post
                I want my media player to be contained in a Snap or a Flatpak package and run confined, also maybe use things like seccomp or AppArmor.
                Sandboxing is the exact reason MPlayerX left appstore
                You can't hope a sandboxed player reading lrc/srt/ssa files at the same directory.



                • #18
                  Originally posted by zxy_thf View Post
                  Sandboxing is the exact reason MPlayerX left appstore
                  You can't hope a sandboxed player reading lrc/srt/ssa files at the same directory.
                  That is different. It is Apple rejecting applications because of their requested permissions and just saying "no, no, no". On Snap and Flathub the developers can publish apps with whatever permissions they want.



                  • #19
                    Originally posted by skeevy420 View Post
                    Is that a joke, is there some exploit involving rogue code embedded in Dragon Ball Z MKV's, a bit of both?

                    I only ask because the voice in my head has a sarcastic tone when reading that.
                    Too many are a joke.



                    • #20
                      Originally posted by Jabberwocky View Post

                      You would have to get your hands dirty but Firejail is a better solution than Snap/Flatpak/chroot and still easier than AppArmor/SELinux.

                      I found profiles for MPV and VLC but didn't see anything about mplayer in my quick search results.

                      https://github.com/chiraag-nataraj/f...er/mpv.profile
                      https://github.com/netblue30/firejai...-z/vlc.profile
                      Firejail uses the same cgroups-based sandboxing as Flatpak, but with less strict containment, because it can't rely on the application only depending on the libraries it either bundles or gets from the provided application runtime. (Seriously. Firejail's --whitelist only affects $HOME and, if you want to whitelist anything outside there.. such as a /mnt path that your user has write access to, you need to manually build up an equivalent list of --blacklist calls.)

                      Also, that MPV profile isn't as strict as what I laid out with Flatpak even with host:ro instead of the XDG portal system.

                      Heck, Flatpak uses its own equivalent to Firejail called Bubblewrap... though Bubblewrap presents a lower-level, more limited API and expects you to use it in concert with other tools, while Firejail bundles equivalents to a bunch of Flatpak components into a single binary with a higher-level API.

                      My approach is to use Flatpak for open-source applications and Firejail for GOG.com games.
