You misunderstood point 1. This about the client itself. Not about apps you can install using it. I would not call that basic opsec. It is quite impossible for a normal user to see this.
Neo Store is only recommended if you really have no other option. It’s definitely not recommend as they way to obtain applications.
Obtainium isan open suggestion discussed in another thread. F-droid basic is in alpha. PG has clear requirements and doesn’t permit alpha kr beta software for obvious reasons.
I highly disagree also about the target SDK not being important. Never versions are more robust and provide better security defaults and permission segregation.
Point 2. If you remove the main repository the app is quite useless. You can just get the apps elsewhere directly from the developers. You do not need the F-droid client. Besides that such advice becomes way to complex and unclear for the general public.
Reengereeing is not solution to this at all, it’s incomprehensive for the general visitor of PG and I am 100% confident that you are not doing so on every apps update. Also you are wrong not having to trust the original developer anymore. You would need to trust both. And so does the developer need to trust fdroid with handling their reputation.
Poimt 3. Replacing FCM is not something you need F-droid for. Besides FCM not being much of an issue at all given it’s contents are end to end encrypted. Pretty sure we picked the right posion here. Updates on F-droid’ repository have been reported to be slow. This is definitely a disadvantage.