While a theoretic possibility, the chance they'll break out is low. However a more secure way of hosting something like nextcloud is to do it in a good ol VM.
A VM does not share it's internals with the host and is much harder to break out of. If you do VM's properly it's going to be nearly as secure as running baremetal servers. You can ofc run docker in a VM if you do still want to use the ease of use that comes with docker.