1. So, you do want to run rsnapshot on the Borg repository (the destination to which is backed up)? Both rsnapshot and Borg keep a history, so you are keeping a history of when the Borg repository had which history. This will not be particularly efficient nor “as intended”.
2. be aware that Borg does incremental backups on file chunks, while rsnapshot works on whole files. So if a large file changes, rsnapshot will duplicate the storage used.
3. a Borg repository is more like a database of chunks (similar to git), while rsnapshot recreates the original backup data.

According to https://borgbackup.readthedocs.io/en/stable/internals/data-structures.html the repository storage consists of 500mb files. So using rsnapshot on those, will not be work as you want it to.

It depends on the use case. The most common security issue I have seen with docker is on Linux desktop systems: docker deamon runs as root and user wants to use it to test all kinds of containers. So they make the docker socket accessible to the user, to lazy to use “sudo docker” every time… Having access to the docker socket means having the same permissions as the one running the daemon: root . Your browser effectively now has root permissions. At this point you could just login as root to your desktop.