How do you see this delivering on the security component of the isolation? (Not that VMs are perfect in this respect but it seems to me that containers are a lot less solid)

Well, you need to get specific. Speaking for SmartOS[1], we've been running containers in production for over a decade; while security is never solved per se (that is, there is always the possibility that defects will result in future vulnerabilities), the reality is that there is a lot of experience running this system in multi-tenant, internet-facing production and that CVEs against the Solaris-based zones technology have been few and far between -- and I would imagine that the same can be said of FreeBSD Jails. These two technologies stand in sharp contrast to the Linux "container" technology (which is to say: namespaces), which is much more relatively immature and doesn't necessarily share the same design constraints as zones and jails. So if by containers you mean zones or jails, the security component of the isolation is well understood and in hand; if by containers you mean Linux namespaces, then yes, a "lot less solid" is probably phrasing it generously.

[1] https://wiki.smartos.org/display/DOC/Zones

Cgroups is "much more relatively immature", but it's predecessors, such as OpenVz have been around for about a decade.

This is definitely true, and to be honest, it's something of a mystery to me why the OpenVZ work has been essentially a second-class citizen for that decade. If Linux had taken path lit by OpenVZ (which is to say, if Linux had taken back the OpenVZ changes), the security gap between Linux and FreeBSD/SmartOS/illumos might have been closed much more quickly -- but as it stands (with the OpenVZ work essentially discarded in favor of the much more immature namespaces), Linux isn't on a trajectory to offer multi-tenant security via containers in the foreseeable future...

Ok, thanks for the clarification, all of my exposure to date has been playing around with some Linux offerings and it felt pretty rickety at best.