Images are a false simplification
Posted Nov 6, 2025 8:10 UTC (Thu) by taladar (subscriber, #68407)
In reply to: Images are a false simplification by ebee_matteo
Parent article: A security model for systemd
On the other hand, images are one step further away from the actual source of the code (as in the dev team, not the files with the lines), which means there is one more layer that knows and cares less about the details, one more layer to be outdated, one more layer you have to penetrate to figure out which open security issues exist, and one more layer you need to rebuild once a security issue is fixed.
Images have quite frankly left me totally unconvinced that those who build them do actually care about security issues enough to even check for open issues, much less rebuild them every single time one gets fixed.
What good is having the authentic image if the image contains a mere few hundred open security holes of various (but not just low) severity?
