Everything runs in the container and cannot escape it. It's like a sandbox.
You have to make sure you're not putting any secrets in the container environment.
No it is not.
>You have to make sure you're not putting any secrets in the container environment.
How does this work exactly? Containers still need env vars and access to databases and cloud environments. Without these the container is just a useless isolated pod.
All right then, keep your secrets.
You are just reducing the blast radius with the use of podman; you will likely need secrets for your app to work, which will be exposed regardless of the podman approach.
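As an added illustration of the point raised in this thread about secrets ending up in the container environment (this is not code from any participant), a small check that reads `podman inspect`-style JSON and reports environment variable names that look like credentials. The JSON and the name pattern are constructed assumptions for this example.

```python
import json
import re

# Variable names that commonly carry credentials; an assumed heuristic, not exhaustive.
SECRET_NAME_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

# Constructed sample shaped like `podman inspect <container>` output (a JSON array).
SAMPLE_INSPECT = json.dumps([{
    "Id": "0" * 64,
    "Name": "app",
    "Config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
            "DB_HOST=db.internal",
            "DB_PASSWORD=example-not-real",
            "AWS_SECRET_ACCESS_KEY=example-not-real",
            "LOG_LEVEL=info",
        ]
    },
}])


def find_secret_env(inspect_json):
    """Return {container name: [env var names that look like secrets]}.

    Only names are returned, so the report itself does not leak the values.
    Anyone who can run `podman inspect` on the host sees these values in full,
    which is why passing secrets as plain env vars widens the blast radius.
    """
    findings = {}
    for container in json.loads(inspect_json):
        names = []
        for entry in container.get("Config", {}).get("Env", []):
            name, _, _value = entry.partition("=")
            if SECRET_NAME_RE.search(name):
                names.append(name)
        findings[container.get("Name", container.get("Id", "?"))] = names
    return findings


if __name__ == "__main__":
    for name, suspicious in find_secret_env(SAMPLE_INSPECT).items():
        status = "OK" if not suspicious else "secrets in env: " + ", ".join(suspicious)
        print(f"{name}: {status}")
```

On a real host, feed it the output of `podman inspect <container>` instead of the constructed sample; an empty list for a container means no env var names matched the heuristic, not that no secrets are present.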