If the source of the image is getting hacked/ the maintainer does make a backdoor, etc

So attempt to run every container with the least privilege:

• seperate networks for each stack
• only map needed folders
• run the container as a non root user (some containers won’t work so they need to be run as root user)
• use a RP with authentication (if a app is valuable)
• make differential backups to shrink size and increase the interval (and check if they work)
• block internet access to containers that don’t need them