What I don't see discussed much is Docker. On macOS it already runs inside a Linux VM, and the setup can hardened even more (in principle): no bind mounts, no /var/run/docker.sock, non-root user, read-only filesystem, tight resource limits, restricted networking, etc.
Given that, what are the concrete reasons people still consider Docker unsafe?