Reply to post: Unikernel, No-kernel, whatever

'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

Anonymous Coward
Facepalm

Unikernel, No-kernel, whatever

This is OK in limited circumstances: stateless embedded devices, game consoles, audio/video workstations (maybe), and under virtualization -- ONLY IF the application has no access to sensitive data AND any data you wouldn't want to lose (savegames, recordings) is securely+reliably stored elsewhere, in a storage system that assumes the client is pwned. Essentially that means NEVER.

Containers are a kludge for people trying to run a "system stack" (i.e. Linux, Nginx, MySQL, PHP 5.3, Node.js 0.10.x - note that those are insecure outdated versions) as an "application" in a single process under another Linux system where they can't easily install those old versions. Generally they're just trying to make it work, they don't know or care what's inside the container, and they don't know the risks of data leaks or privilege escalation. Dangerous.
