It's still Kubernetes fault
> Kubernetes is highly customizable, with various configuration options that can affect an application’s security posture.
If the vast majority of security issues are attributed to misconfigurations, and misconfiguration is what keeps most operators up at night, then the problem isn't the users it's the application.
It's possible (but hard) to be highly customisable *and* safe. Kubernetes (apparently) hasn't achieved that equilibrium.