Well, it's probably more secure than doing `pip install` and letting every dependency run whatever to install itself on your host...

Actually not at all assuming you are using a VM for a production workload.

Additionally, even if you only rely on a container - still no: other container engines have a lower attack surface.

I'm talking about local dev here.