I've just run into an issue on a prod server where, upon investigation, it turns out that PHP's display_errors is turned on by default in this image.
I've suppressed it by adding echo "display_errors=0" >> /usr/local/etc/php/conf.d/errors.ini to my Dockerfile (that's FROM this one), but it would be nice if this was handled out of the box.
I'm happy to do a PR for this, but I just wondered whether there was any reason why you had decided not to do this.
Sorry for the massive delay!
The reason we didn't do that is that we've left almost all the settings either at their upstream-supplied defaults, or at the upstream-recommended values. If there's a recommendation from upstream to disable display_errors by default, it would make sense to do, but otherwise we likely won't.