The same can be said of any software that you don't review and compile yourself. Whether I run a Docker container or pull in 500 npm/pip/cargo/gems/composer dependencies, the attack service remains. With Docker these individual layers can be separated and inspected at the very least.

Based on the name, I expected someone to take vaultwarden and make it an αcτµαlly pδrταblε εxεcµταblε that runs on its own without an OS; instead, this is just a quick tutorial for "how to set up vaultwarden".