squirrellous 2 months ago

This might be a naive question - does this approach mean that the application and the kernel are now a single binary, and thus application crashes now translate to kernel panics? I guess now that we have Docker it isn’t such a big deal, but otherwise it places a lot of confidence on the robustness of the application itself.

rwmj 2 months ago

Yes & yes. Even "worse", there's no memory protection between the application and the kernel so application bugs can and will trample over kernel structures.

The way you'd typically use this is either on isolated hardware - with a hardware watchdog to reboot it, and firewalls to protect the rest of the network - or in a VM where the trust boundary is between the guest and the hypervisor (as is true for all VMs).

Users of unikernels understand these risks / limitations, but judge that the improved performance or ability to do things beyond what is possible with the syscall API is worth it. It's definitely not for everyone.

pabs3 2 months ago

Guess you just reboot after crashes, and since you are probably running unikernels in VMs, it doesn't take very long.

pabs3 2 months ago

Other unikernels use more type-safe languages like OCaml, etc., so there is less chance of kernel panics.