Containers are for security, but they rely on the kernel+ being secure. VMs rely on the hypervisor+ being secure.
https://news.ycombinator.com/item?id=26076629