About time
The default model for docker image use is in practice fatally flawed from a security standpoint. There is simply no way to credibly confirm that all of these images are properly secured. If you want to take someone's build file, examine it, and build your own image, which you host yourself, great. Anything else is just running a script from the internet as root on all of your machines.
I love Docker as a technology. But it has to be in a securable environment.