A root user inside the container can cause more havoc inside the container. One issue is that you might have sensitive data accessible from within inside the container. A hacker replacing system binaries inside the container might also affect how your application inside the container runs, a read-only user makes this much more difficult.
You can't assume all containers have same access and trust-level as a user because at some point you also have to process your requests and store your data - and that processing is most likely also be done in another container (even if your actual data-volume is mounted outside the container). For such containers same security measures as for a physicial machine applies.
You can't assume all containers have same access and trust-level as a user because at some point you also have to process your requests and store your data - and that processing is most likely also be done in another container (even if your actual data-volume is mounted outside the container). For such containers same security measures as for a physicial machine applies.