Correct, we strongly recommend against using security.privileged=true
A VM gets you an environment like security.privileged but without the security concerns that come from a privileged container. However that also comes with all of the downsides of VMs, much higher CPU/RAM overhead, more difficult to share devices and storage, …