DDoS usually cost money to run, Lemmy/Kbin are small potatos with no cash to ransom, so there’s not really a point except to troll, in which case users can just spin up more servers and push back on the attacker’s cost/impact.
I do get the sense it would be relatively easy to DoS Lemmy, it doesn’t seem very efficient.
Docker is basically a virtual machine image you write your software in. Then when you run the software you don’t need to worry about compatibility or having the right dependencies installed, it’s all included in the docker image.
Think of Docker as being Nintendo cartridges that you can take to any friends house, plug them in, and play. Servers can run more than one Docker container.
The approach greatly simplifies writing code and having it work on your server, reduces errors, and adds a layer of security.