containers in general are horrible wrt security because they are architecturally flawed - they pretend to have some sort of 'isolation' but that was crap docker marketing people just made up - there is no isolation - k8s pushes this agenda further by declaring that multi-tenant workloads are perfectly normal and ok for containers which they absolutely are not
just look at the CVEs from recent years:
* docker doomsday
* escaping like a rkt
* cryptojacking? - that didn't even exist until containers were here!