I'm not suggesting all containers shouldn't be used for security. I'm just saying Docker - specifically - isn't an isolation tool that was designed primarily as a security tool. There are other solutions on Linux if you want security - such as LXC and OpenVZ - which I suspect are what those ISPs you're referring to use.

The problem with Docker isn't at the kernel level, it's the userspace tooling. It's pretty insecure by default. For example, it creates bridged networks as the default network interface and actively encourages (by design) developers to run code as root (since creating non-root users then becomes a manual RUN command). Then you have vulnerabilities in the userspace tools to contend with, in addition to the same concerns about sharing a kernel that crop up when discussing security and containerisation. That said, there are some things it does right from a security standpoint, but generally speaking Docker is a tool you need to harden rather than something that comes hardened.

I don't hate Docker though. It's a great productivity tool and it can be run securely if you have proper defence in depth. But I would advise against running Docker as your only sandboxing. To be honest, I'd advise security at all levels regardless of the Docker discussion anyway.



