Security concerns about user data in ~/snap/

It is important to understand that while, yes, the files in this directory are user-modifiable, each strict mode snap can only write to its own area in ~/snap, so snaps cannot interfere with each other. Importantly, because these files are in ~/snap, anything that is written out to these areas is not considered by the user’s session (not without very deliberate changes made by the user) and therefore does not provide an avenue for sandbox escape.

Malware shipped as a strict mode snap is thus restricted by the policy of the sandbox and you are right to point out that x11 is a problem (along with other legacy desktop interfaces like gsettings and desktop-legacy) since they provide other means of sandbox escape. You will want to only install snaps that use these legacy interfaces from publishers you trust.

Similarly, while classic snaps have per-snap directories set up in ~/snap, the snaps run effectively unconfined and can do pretty much anything the user invoking the command can do. Likewise, you will want to only install snaps that use classic confinement from publishers you trust.

For more information, see Snap confinement.
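
An added example, not part of the original post: one way to list which installed snaps fall into the two "trust the publisher" groups named above. It assumes the column layouts of `snap connections` (Interface, Plug, Slot, Notes) and `snap list` (Notes as the last column); the sample tables and snap names are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag snaps whose confinement depends on publisher trust.
# On a real system, feed the functions live data:
#   snap connections | legacy_plugs
#   snap list        | classic_snaps

# Reads `snap connections` output on stdin. Prints "<snap> <interface>" for
# every connected plug of a legacy desktop interface (x11, gsettings,
# desktop-legacy). A Slot of "-" means the plug is not connected.
legacy_plugs() {
  awk 'NR > 1 && $3 != "-" &&
       ($1 == "x11" || $1 == "gsettings" || $1 == "desktop-legacy") {
         split($2, plug, ":")      # Plug column is "<snap>:<plug-name>"
         print plug[1], $1
       }'
}

# Reads `snap list` output on stdin. Prints the name of every snap whose
# Notes column (last field, comma-separated) contains "classic".
classic_snaps() {
  awk 'NR > 1 {
         n = split($NF, notes, ",")
         for (i = 1; i <= n; i++) if (notes[i] == "classic") print $1
       }'
}

# Constructed sample output (hypothetical snap names, not from a real host).
SAMPLE_CONNECTIONS='Interface       Plug                   Slot             Notes
x11             editor:x11             :x11             -
desktop-legacy  editor:desktop-legacy  :desktop-legacy  -
gsettings       player:gsettings       -                -
home            editor:home            :home            -'

SAMPLE_LIST='Name    Version  Rev  Tracking       Publisher  Notes
editor  1.0      12   latest/stable  example    -
ide     2.3      40   latest/stable  example    classic
core22  2024     99   latest/stable  canonical  base'

echo "Snaps with connected legacy desktop interfaces:"
printf '%s\n' "$SAMPLE_CONNECTIONS" | legacy_plugs
echo "Snaps using classic confinement:"
printf '%s\n' "$SAMPLE_LIST" | classic_snaps
```
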