It's fair to say that downloading and running images from Docker hub without establishing trust is a dangerous practice.
Similar in danger to using npm, rubygems, nuget, Maven central etc. In that there is only limited curation of content.
That attackers have "malicious" images on Docker hub isn't that relevant, unless they can get people to execute them. If they were typo-squatting or otherwise trying to trick users into running those images that would be more relevant. Instead what seems to be being described is the use of Docker images as part of attacks on other systems (e.g. Kubernetes installs with poor security)
The bit around running a malicious container instantly leading to root on the host is just wrong. With a standard Docker install, no customization, there are some risks, however unless you do something like run --privileged, or mount a docker socket inside the container, you're not guaranteed to be able to get root on the host.
(BTW anyone who reckons this is trivial should give contained.af a look)