These arguments are painting a bike shed: the attack surface is not zero but it's still dramatically reduced and controlled. Nobody said anything about "letting someone I don't trust into the server behind the firewall" which of course is (cough) "not best practice."

Also, containers mean that one user can make changes (install/upgrade software, etc) and not adversely affect another user (incl their security stance).