Developers working with Docker are almost always in the 'docker' group on their local machine, which is functionally equivalent to running everything as root.
This doesn't matter if the attacker is in the container. It just means that if the attacker is outside of the container, they have a trivial privesc to root on the host.
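
An audit check for the point above, as an added example that is not part of the original comment: it lists every account that should be treated as root-equivalent because of the 'docker' group, including accounts whose primary GID is the docker GID and therefore never appear in the group's member list. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that are root-equivalent through the 'docker' group.
# Reads group/passwd files passed as arguments, so it can run on copies.

docker_group_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    awk -F: '
        # Group database: remember the docker GID and its supplementary members.
        FILENAME == ARGV[1] {
            if ($1 == "docker") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Passwd database: a primary GID equal to the docker GID also grants
        # access, and does not show up in the member list above.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | LC_ALL=C sort
}

# Constructed sample data (not from a real host).
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:998:alice,bob
dev:x:1001:carol
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1001::/home/carol:/bin/bash
ci-runner:x:1003:998::/home/ci-runner:/bin/sh
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d"
    docker_group_users "$d/group" "$d/passwd"
    rm -rf "$d"
}
demo
```

Called with no arguments, `docker_group_users` reads `/etc/group` and `/etc/passwd`; accounts that come from a directory service (LDAP, SSSD) are not visible in those files and need a separate check.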