The point is that their container offering recognizes, correctly, that containers aren't a secure isolation boundary, so unless there are internal-only EC2 instance sizes (which seems unlikely, but I could be wrong), they used to waste significant portions of an instance's compute in the name of security, since the instance _is_ a secure boundary.
More broadly, based on the literature I've seen, I'd agree that GCP takes security seriously, but so does AWS, and I haven't seen any good evidence to say one would be "better" than the other.
I would expect both to come up with a robust security model, and as part of their defense in depth I'd expect both to enforce single tenancy at a hypervisor level any time they're running anything untrusted or which can be materially/declaratively influenced by customers (e.g. code, SQL, etc.).
But isn't this for dedicated containers and not VMs?