I don't disagree with any of your points, but they aren't relevant to anything I've said. I never said Docker is the only one doing this. It's also not a surprise Docker in particular is doing this - Docker has a long history of doing bad things.
It is relevant because you said “there's no way this is true” when it is in fact true, which means that your understanding of how the system works doesn't match the actual behaviour. I mentioned the importance of scanning to catch those situations quickly.
