> It runs as root

A lot of system applications on a standard Linux machine run as root or run with rootful permissions. This problem is solved by sandboxing, confining permissions and further hardening.

> requires sudo to use

Yes. However, this is a security plus and not a disadvantage.

> turns off all system firewalls

This statement makes no sense.

> has no way of doing security updates for containers.

I don't know what you mean by this.