After further discussion w/ our HTCondor developer (HTCondor is the scheduler we're using to orchestrate Docker containers on our resource pool), it sounds like file permissions may indeed be part of the motivation:
"HTCondor always runs the container as non-root, as it provides a volume-mounted sandbox directory with the input files it brings along, and the output files that it takes back to the submitting users. A specific thing for us is we might not know at container creation time what uid we want to use at runtime."
Does that help? Let me know if you have further questions.