This was not always true and running rootless has been a benefit of Podman for a long time. Docker also does not run rootless by default afaik, thus making the attack surface greater by default.
The other main improvement of Podman over Docker is that Podman is daemonless and therefore is incredibly lightweight and portable.
Inertia I guess... We try. I managed to remove it everywhere in our stack in CI and such but in dev everyone is used to docker build.
And I don't have the energy for the team meeting to discuss a change.
And honestly docker compose has been ridiculously stable for us. 2+ services on separate servers behind haproxy has been as stable as our Kubernetes Cluster for a fraction of the (intellectual) cost.
I mean, if you have zero experience with systemd, then yes. By contrast, if you've ever worked with any systemd unit files at all, then all the "systemd stuff" will be very familiar.
Which, if you're doing sysadmin type things on almost any mainstream Linux distro (e.g. not Alpine) in 2026, you should expect to encounter systemd unit files in your day-to-day.
I'm sorry but this is all just apologism/excuses. Docker's had rootless mode for 7 years. The attack surface is the local system, which always has a privilege escalation vuln of some kind, so Docker isn't a game-changer. And lightweight? I have never heard someone say "that Docker daemon is hogging all my resources".
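Since the thread argues about whether an engine "is rootless", here is a small added check (my own example, not code from any commenter or from the Docker/Podman projects) that classifies a Docker or Podman engine as rootless or rootful from what its `info` command prints. The `docker info --format '{{.SecurityOptions}}'` and `podman info --format '{{.Host.Security.Rootless}}'` formats are real; the sample outputs in the script are constructed so it also runs on a machine without either engine installed.

```shell
#!/bin/sh
# Classify a container engine as rootless or rootful from its `info` output.
#
# Live commands (both formats exist in the respective CLIs):
#   docker info --format '{{.SecurityOptions}}'        # lists "name=rootless" in rootless mode
#   podman info --format '{{.Host.Security.Rootless}}'  # prints true or false

# rootless_from_info ENGINE INFO_TEXT
# Prints "rootless" or "rootful"; returns 2 for an unknown engine name.
rootless_from_info() {
    engine=$1
    info=$2
    case "$engine" in
        docker)
            # Rootless Docker advertises itself as a security option.
            case "$info" in
                *name=rootless*) echo rootless ;;
                *)               echo rootful ;;
            esac ;;
        podman)
            # Podman exposes the flag directly as a boolean.
            case "$info" in
                true) echo rootless ;;
                *)    echo rootful ;;
            esac ;;
        *)
            echo "unknown engine: $engine" >&2
            return 2 ;;
    esac
}

# Query whichever engines are actually installed; silently skip the rest.
check_live() {
    if command -v docker >/dev/null 2>&1; then
        out=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null || true)
        printf 'docker: %s\n' "$(rootless_from_info docker "$out")"
    fi
    if command -v podman >/dev/null 2>&1; then
        out=$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null || true)
        printf 'podman: %s\n' "$(rootless_from_info podman "$out")"
    fi
}

# Constructed sample outputs (not captured from a real host), showing the
# difference between a default rootful daemon and a rootless one.
DOCKER_ROOTFUL_SAMPLE='[name=seccomp,profile=builtin name=cgroupns]'
DOCKER_ROOTLESS_SAMPLE='[name=seccomp,profile=builtin name=rootless name=cgroupns]'
PODMAN_ROOTLESS_SAMPLE='true'
PODMAN_ROOTFUL_SAMPLE='false'

printf 'sample docker (default):  %s\n' "$(rootless_from_info docker "$DOCKER_ROOTFUL_SAMPLE")"
printf 'sample docker (rootless): %s\n' "$(rootless_from_info docker "$DOCKER_ROOTLESS_SAMPLE")"
printf 'sample podman (user):     %s\n' "$(rootless_from_info podman "$PODMAN_ROOTLESS_SAMPLE")"
printf 'sample podman (sudo):     %s\n' "$(rootless_from_info podman "$PODMAN_ROOTFUL_SAMPLE")"
check_live
```

The point of splitting the classifier from `check_live` is that the same function can be dropped into a CI gate that fails the job when a build unexpectedly talks to a rootful daemon, regardless of which engine is behind the `docker`/`podman` command.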