My worst concern now would be network security. With root access, it is trivial to e.g. install spambots in all your containers (just checked, command execution works, and external network access is enabled). I think it is a good idea to at least disable networking. (Update: and use a minimal Docker image like Alpine Linux).
Basically I can run any bash script, as is, with
Disclaimer: Absolutely not a security expert, just someone who is somewhat on the hook for security!
Probably the biggest one is to use VirtualBox or another virtual machine so that Docker isn't your only line of defence.
and 63 contributors. ;p
Please don't misunderstand this. I know from reading your postings on /r/scala that you are a humble person. Originally I actually didn't even know if there was a contributor to the security section besides you and only wanted to tease. :D
but that's a fair counterexample.
Maybe Jessica McKellar's "Building and Breaking a Python Sandbox" talk can bring some ideas. (But maybe not! It might be too Python-specific or too language-level whereas you want to remain at a higher level with just Docker)
SELinux also helps, from what I've read.
Looks like you've got a Hacker News effect on your shoulders. :) Servers seem to be overloaded.