An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).
That would be true of podman running anywhere, and is not unique to an immutable distribution.
The filesystem itself is also read-only.
You can change that real quick if you have root access.
This is the way. Except my "big ol' app server" is an n95 mini pc that sips power.