When using Docker, you will deal with passwords and credentials on a daily basis. Sensitive information and passwords are very highly attractive for attackers, as usual. Also, setting the filesystem to read only is a wise decision, by adding the --read-only option:
docker run --read-only kali