
Yes, Docker is a black box. You don't know anything, you just launch something without understanding what components it consists of, what they are doing individually, what their attack surface is.

Not to mention that it encourages sloppiness and software bloat. The password manager could be put on a simple MCU device; instead, we have a large non-transparent multi-component installation swept under the rug with Docker. I do not think this is a good thing.



The same can be said of any software that you don't review and compile yourself. Whether I run a Docker container or pull in 500 npm/pip/cargo/gems/composer dependencies, the attack surface remains. With Docker these individual layers can be separated and inspected at the very least.

Based on the name, I expected someone to take vaultwarden and make it an αcτµαlly pδrταblε εxεcµταblε that runs on its own without an OS; instead, this is just a quick tutorial for "how to set up vaultwarden".



