I have been speaking to an engineer about the security of our containers. I know for a fact that these cointainers in our AWS are not patched frequently and are built of old images. The engineers seems to suggest that because the services hosted on these containers are behind cloudfront, the container itself isnt worth worying about. Is this a valid rationale? What could go wrong?