Yes & yes. Even "worse", there's no memory protection between the application and the kernel so application bugs can and will trample over kernel structures.

The way you'd typically use this is either on isolated hardware - with a hardware watchdog to reboot it, and firewalls to protect the rest of the network - or in a VM where the trust boundary is between the guest and the hypervisor (as is true for all VMs).

Users of unikernels understand these risks / limitations, but judge that the improved performance or ability to do things beyond what is possible with the syscall API is worth it. It's definitely not for everyone.