It basically ruins most isolation/security benefits containers provide, since having root access to this socket allows you to have nearly root access to the host.
This is something you want to really avoid.
I don't really have a good solution to this "reload service when certificates are updated" problem that doesn't involve heavier container orchestration.