One reason why application containers are successful is that they eliminate the complexities of a single system where multiple services are running and potentially interfering with each other.
There is no need for PrivateTmp= or some of the other configuration shown in this article because the application container already runs in a separate environment.
I think this is worth considering with respect to this article, even though containers definitely bring their own problems.
That's another problem to be solved.