This smells like possible security vulnerability. If Docker is passing environment variables meant for the container to the emulator too, there is probably a way to get Qemu to do more unintended things.
for me i feel bad for solomon, always missing the mark (docker, dagger) yet profiting must be a sobering reminder of how low the bar really is in modern tech (i'm sure he consoles himself just fine with a blanket of $ though!)