Hosting Node-RED and running "untrusted" flows

Hey,

I am currently wondering if it is possible for me to host Node-Red for Users and let them create their own flows that run on my server/in my docker container. This setup would create one docker container per user.

Is it possible to protect against all kinds of attacks that a User could write in a Node-Red function?
Are there other attack vectors that I should be aware of?