When security is critical—or the usability hit is acceptable—putting something into a virtual machine is second only to putting it on its own physical machine. Depending on the platform, Docker may even be using a virtual machine under the hood.
For maximum performance, make sure you are virtualizing the host architecture, and not emulating a different one.
I hacked together a virtualization app, Microverse, for running macOS-inside-macOS on Apple Silicon specifically, which is otherwise not available.