I’m no expert, but isn’t running in a VM strictly better than running on raw metal from a security perspective? It’s generally more locked down, and breaking out of the virtualization layer requires a separate security breach from gaining access to the running container.
Every technology that gets used frequently enough facilitates maladaptation to its faults. 😑