What's wrong with containers? They are supposed to provide better performance than VMs. Are containers less secure?
In VMs as far as I know the attack surface is much smaller as the interaction between the guest and host kernel is limited.
If you can compromise the kernel (and kernel exploits aren't particularly expensive nor uncommon), then a container is like a door locked by a sign that says "Please do not open without permission." If you don't care to go through it, you won't. And if you want to get through it, it doesn't stop you. Once you're in the kernel, containers don't offer any meaningful separation.
Qubes uses hardware virtualization with a fairly stripped down Xen to provide the isolation, and that's a somewhat harder lock to crack open if you want to transit between silos.
Yes, the performance advantage is from less isolation/more sharing, and that's also why they are less secure.
"dumb scripts" that just copy files/install something, encrypt files, etc. will be well contained in a container.
"smart scripts" are more rare - but essentially if you're trying to break out of a container you can, container breakout methods are not uncommon. These types of malware are usually more rare.
So if your threat model is "I want to run this program that I'm pretty sure I trust but I'm not 100% certain" then a container is most likely fine as a convenient precaution.
But if it's "I want to make sure nothing can break out (especially if you're running user's code) and compromise the full system" then you want VMs.
With the recent pytorch-nightly compromise in december, AFAIK a container would have protected you, just don't assume that will always be the case.
EDIT: I wish katacontainers was easier to use and was more widely used - I feel like it gives most of the usability benefits of containers with the security of VM's which is what everyone should really want for most things. VM overhead can be pretty small, with under 100ms "boot" time, etc.