The real problem for unikernels is that they are effectively irrelevant until the major clouds provide millisecond boot times along with appropriate pricing models that charge for execution on a millisecond level basis.
Developers love to write code, but unless unikernel developers start speaking up instead of writing code, the major clouds won't get on board and provide the needed fast boot times plus pricing, which makes all this unikernel code not a lot more than interesting personal / academic projects.
Questions of unikernel security are certainly academic if the cloud infrastructure doesn't run them in the most effective manner.
It's more efficient to let the unikernel start an HTTP server and keep running for a few minutes. With AWS Lambda you're paying for wall time even if the CPU is idle because it makes a long-running network request. Imagine you're making 10 HTTP requests per second and each has a very long latency of 5 seconds. With 10 AWS Lambda "instances" running concurrently you're billed for 50 seconds. With a single EC2 instance you're billed for 5 seconds.
When the OS is just some library functions statically compiled in and the entire binary is a few megabytes that you can load directly into memory, why not?