Yes I'm aware of that, having written several systemd units for my own services in the past. But you're not likely to get any of that by default when you just install from the package manager as it's the discussion here, and most people will just use the default systemd unit provided, and in the vast majority of cases they don't provide the same level of isolation the default docker compose file does.
We're talking about ease of setting things up, anything you can do in docker you can do without, it's just a matter of how easy it is to get good standards. A similar argument to what you made would be that you can also install multiple versions of databases directly on your OS.
For example I'm 99% sure the person I replied to has this file for service:
[Unit]
Description=Plex Media Server
After=network.target network-online.target
[Service]
# In this file, set LANG and LC_ALL to en_US.UTF-8 on non-English systems to avoid mystery crashes.
EnvironmentFile=/etc/conf.d/plexmediaserver
ExecStart=/usr/lib/plexmediaserver/Plex\x20Media\x20Server
SyslogIdentifier=plexmediaserver
Type=simple
User=plex
Group=plex
Restart=on-failure
RestartSec=5
StartLimitInterval=60s
StartLimitBurst=3
[Install]
WantedBy=multi-user.target
Some good user isolation, but almost nothing else, and I doubt that someone who argued that installing from the package manager is easier will run systemctl edit on what he just installed to add extra security features.