Running things in containers and VMs reduces the damage. One service on your homelab being compromised is a lot better than your entire homelab server getting compromised.

Neither is a security guarantee, but it does add a substantial extra barrier.