It's just docker containers. As a technical person I was confused reading that at least 3 times until I made the mental connection that it's docker containers. So yes you are right it's made to sound more opaque and nefarious than one would normally assume in our field. If they have a policy that says we can't run docker containers in network A or zone B then just say so but don't lie to make it sound like Russia Hackers. That's the kind of shit that makes fence sitters and reasonable people across the isle not trust your motives.
Anywho, this whole "opaque" or "untrusted" code running in a VM is the same lingo that big corporates use to gatekeep newer technologies that bypass traditional processes. E.g. "oh sorry you can't test locally because you need to use our officially licensed and expensive Oracle DB instance. Oh and BTW, you can't use the free container image that Oracle provides free of charge. It's running 'untrusted' code in our network." and endless variations of that.
Anywho, this whole "opaque" or "untrusted" code running in a VM is the same lingo that big corporates use to gatekeep newer technologies that bypass traditional processes. E.g. "oh sorry you can't test locally because you need to use our officially licensed and expensive Oracle DB instance. Oh and BTW, you can't use the free container image that Oracle provides free of charge. It's running 'untrusted' code in our network." and endless variations of that.