> This would never fly at Amazon because it would cost them a few cents to have another VM.
That is categorically false. Not only does Amazon's RDS do that (can't find where they say that, might have been at re:Invent one year) but for other services like Fargate they used to waste way more resources due to instance single tenancy, until they adopted Firecracker: https://d1.awsstatic.com/events/reinvent/2019/CON423-R1_REPE...
The point is that their container offering recognizes, correctly, that containers aren't a secure isolation boundary, so unless there are internal-only EC2 instance sizes (which seems unlikely, but I could be wrong) they used to waste significant portions of an instance's compute in the name of security, since the instance _is_ a secure boundary.
More broadly, based on the literature I've seen, I'd agree that GCP takes security seriously, but so does AWS and I haven't seen any good evidence to say one would be "better" than the other.
I would expect both to come up with a robust security model and, as part of their defense in depth, I'd expect both to enforce single tenancy at a hypervisor level any time they're running anything untrusted or which can be materially/declaratively influenced by customers (e.g. code, SQL, etc.).
This would never fly at Amazon because it would cost them a few cents to have another VM. Microsoft would probably not even notice the issue.