Have you actually ever verified it? If you are a developer, you probably deal with already set up environment and your only job is to write a Dockerfile and push an image to a registry (or even less work if use Continues Integration). Altough I’m going to focus on production environment where Docker images are pulled and running, which is set up by DevOps or sysAdmiss, there’s still a good few things to check on your end to increase the level of security:
Does the place matter? Unless there’s a security guard asking you to empty your pockets, leave your mobile phone at the reception, the place does not really matter. Ask yourself these two simple questions: do you really know what other people do in the office? If you’re a manager you’re probably have your own office and if even if you don’t you probably would not stare at someone’s monitor (they will minimize the window very quickly anyway ;) ) Having your staff in the office gives you only an illusion of controlling their work.