Some thoughts:
You get the most security out of it if you put your Docker node in a private network and restrict who has access to the node.
Use rootless Docker, or at least user namespace remapping.
Never run your payload as a privileged container - you can add individual capabilities if required (not sure if this applies to rootless Docker).
Don't run the main process inside containers as the root user (this does not apply to rootless Docker).
Use a read-only filesystem if the image allows it, and mount volumes into each directory that needs to persist data.
Require your host to use an HTTP/HTTPS proxy for outgoing communication - use a proxy that allows whitelisting of target domains, so in case of an exploit the attacker cannot load stuff from arbitrary sources.
Use different UIDs:GIDs for the different containers and their volumes - make sure they do not align with a user on your host that can sudo and become root.
Furthermore, the forum search should yield a couple of useful topics, as this topic has been discussed a couple of times in the past years.
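As an added illustration (not part of the post above, and not from any particular project), the per-container points from that reply expressed as a Docker Compose service; the image name, UID/GID, volume path and proxy address are placeholders, and the daemon-level choices (rootless Docker or userns-remap) are configured outside Compose and not shown here:

```yaml
# Added example: hardened Compose service applying the points from the reply.
# All names and addresses below are placeholders.
services:
  app:
    image: example/app:latest          # placeholder image
    user: "10001:10001"                # non-root UID:GID chosen so it matches no host user
    read_only: true                    # image filesystem mounted read-only
    tmpfs:
      - /tmp:size=64m,mode=1777        # scratch space stays in memory, not on the image
    volumes:
      - ./data:/var/lib/app            # the only path that persists; chown 10001:10001 on the host
    cap_drop:
      - ALL                            # start with no capabilities ...
    cap_add:
      - NET_BIND_SERVICE               # ... and add back only what the process actually needs
    security_opt:
      - no-new-privileges:true         # setuid binaries cannot regain privileges
    privileged: false                  # never privileged
    environment:
      HTTP_PROXY: http://proxy.internal:3128   # placeholder egress proxy with domain whitelist
      HTTPS_PROXY: http://proxy.internal:3128
      NO_PROXY: localhost,127.0.0.1
    networks:
      - egress_via_proxy

networks:
  egress_via_proxy:
    internal: true                     # no direct route out; only the proxy (attached to this
                                       # network, definition omitted) can reach the Internet
```

With `internal: true` the container has no default route to the outside, so any outbound request that bypasses the proxy simply fails, which is the behaviour you want if the process is ever compromised.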