Yep, bind mount the data and config directories and back those up. You can test a backup by spinning up a new container with the data/config directories.
This is both easy and generally the recommended thing I’ve seen for many services.
The only thing that could cause issues is breaking changes caused by the docker images themselves, but that’s an issue regardless of backup strategy.
I think it also comes down to the fact most people aren’t going to label the transaction “illegal drugs”. But it does make it easier to track payments and build cases against people (or oppress people depending on the government/police).