That's quite true. Any serious FreeBSD will readily acknowledge such(eg https://www.freebsd.org/doc/handbook/jails.html), but the project does try to default to sensible security defaults for it's containers eg no raw sockets.
While not applicable to FreeBSD alone, this polemic thread:
is a pretty accurate description of container level security and not much has changed. Stuff built on a foundation is always subject to the foundation's qualities.