A common mechanism to override package-owned desktop files is to copy them into ~/.local/share/applications, and modify that copy (since the one is /usr/share/desktop will get overwritten on the next package update).
This mechanism is similar to putting a wrapper script in ~/.local/bin/ that shadows the real binary in /usr/bin.
Firejail, for example, relies on this. For desktop files that exist in /usr, it copies them into ~/.local/share/applications, and changes Exec= by prepending its sandboxing commands.
fuzzel, however, seems to show both entries, and it's confusing which one is which. Moreover, running the unsandboxed one is a security liability.
Feature request: Can fuzzel actually "shadow" one with the other in cases where the filename / Name= match?