Is systemd-nspawn as secure as running something in a virtual machine? If a binary doesn't exploit kernel bugs, can a malicious app escape and compromise my machine? (Assuming it doesn't use a kernel bug.)

sudo systemd-nspawn -b -D /path/container

Currently I'm using it to test apps from the AUR that I don't know if I want on my main machine.

submitted by /u/MountainAlps582