Containerization certainly ought to be an isolation layer to boost security. What's unfortunate is how little we can rely on Docker to provide any additional security.
Given that Docker is simply an abstraction of the various kernel functions, it is arguable that eliminating the Docker piece and directly managing the kernel functions would be more secure.
Problem there is it requires a significant learning curve, and when you get to that point you start evaluating the ROI of containers. Deployment is easy. Operations is easy. Until either one of the two fails. Then debugging becomes a seriously complex problem.
There are fairly few vulnerabilities discovered in Docker itself.
The last one was in runc, the underlying container executor... these are very hard to get right.
This is kind of a stinky one, though, because Docker runs in the root context (unless you are experimenting with the rootless Docker mode).
You could take this same argument to absurd extremes: the kernel is just an abstraction over the hardware, surely you could ditch the kernel and manage the hardware yourself and it will be more secure.
The reality is, in both cases, no you can't. Doing this stuff right requires expertise, and generally needs more than one or two people looking at it.