Trying out `shiftfs`

Right, that’s indeed exactly what shiftfs does.

It’s only really a problem if you’re dealing with extra mounts which are visible to unprivileged/untrusted users on the host and that filesystem isn’t mounted with nosuid/nodev. In that case, root in the container can create a setuid binary or a device node which the unprivileged/untrusted user on the host can then exploit.

If the container itself is on shiftfs or you’re attaching a custom storage volume, the source of those volumes is kept completely inaccessible from unprivileged users on the host, to avoid any such issues.

But when you’re attaching a disk device with shifted=true, then yes, you need to keep this in mind.
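As an added example (not part of the original post or of LXD itself), here is a small POSIX shell audit that reads `/proc/self/mounts`-style lines and flags any mount missing `nosuid` or `nodev`, which is the check you would run on the host before sharing a disk device into a container with `shifted=true`. The mount lines and the `/srv/...` paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits mount lines in
# /proc/self/mounts format and reports mounts that lack nosuid and/or nodev,
# i.e. mounts where a setuid binary or device node created by container root
# would be honoured by the host kernel for other host users.

# Constructed sample (not captured from a real host):
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sdb1 /srv/shared ext4 rw,relatime 0 0
/dev/sdc1 /srv/safe ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdd1 /srv/partial ext4 rw,nosuid,relatime 0 0'

# has_opt LINE OPT -> exit 0 if the comma-separated options field contains OPT
has_opt() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts reads mount lines on stdin and prints one line per mount that
# is missing nosuid or nodev (or both), naming the missing options.
audit_mounts() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        mp=$(printf '%s\n' "$line" | awk '{print $2}')
        missing=""
        has_opt "$line" nosuid || missing="${missing}nosuid "
        has_opt "$line" nodev  || missing="${missing}nodev "
        [ -z "$missing" ] || printf '%s missing: %s\n' "$mp" "${missing% }"
    done
}

# count_unsafe returns how many mounts in the constructed sample are flagged.
count_unsafe() {
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts | wc -l | tr -d ' '
}

# Run against the sample; on a live host use: audit_mounts < /proc/self/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```

The script only reads the options column, so it applies equally to a bind mount of the shifted source and to the underlying block device; whichever of those is reachable by untrusted host users is the one that needs `nosuid,nodev`.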