Comment by ssdspoimdsjvv

The parent comment was talking about a deployed application, and making sure users can't modify the source code.

In that case, your image hopefully was built using source code from a VCS and no such changes will have been applied. This is not so different from building an app by pulling the latest version of the code from Git.

And if you did manage to commit changes that completely mess up your environment, you throw that image away, take a vanilla one and load your source code into it. Again, not so different from using Git.