--privileged - this is obviously unsafe. The container has full access to the host system (all capabilities).
-v /dev:/dev:ro - this looks alright on the surface, since we have the :ro suffix, which would imply read-only. However, this is the same problem as mounting the docker socket as read-only: the container has full write access to the devices (and sockets); it just cannot rename/delete the device nodes. Since the boot disk will be accessible via /dev, a malicious container can now mount and read/write the host boot disk -- i.e. full privilege escalation is possible.
--device - requires users to explicitly specify the devices they want to expose to the container. By default the container will have :rwm capabilities on the device; however, this can be changed to :r, which limits the device to read-only mode (no writes to the device).
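As an added example (not part of the message above, and not a tool from the Docker project), here is a small POSIX shell audit that classifies a `docker run` argument list according to the three cases discussed: it rejects `--privileged`, rejects any bind mount whose host path is under `/dev` regardless of `:ro`, and only accepts `--device` specifications whose cgroup permissions do not include `w`. The function name `audit_docker_run`, the helpers, and the command lines at the bottom are all hypothetical and constructed for illustration; nothing here invokes docker, so it runs offline.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Docker's own code): flag the
# device-exposure options of a `docker run` argument list.
#
#   audit_docker_run <docker run arguments...>
#
# Prints one "RISK ..." line per dangerous option; returns 0 when clean,
# 1 otherwise. It only inspects the arguments and never calls docker.
# Limitation: it does not know every docker option that takes a value, so an
# option-looking word after the image name (part of the container command)
# would also be inspected.

# Record a finding and bump the counter.
_risk() {
    echo "RISK $1"
    _findings=$((_findings + 1))
}

# -v/--volume spec: host[:container[:options]]. A host path under /dev is
# flagged with or without :ro, because the read-only mount only prevents
# rename/unlink of the nodes; opening a device node for writing still works.
_check_volume() {
    _src=${1%%:*}
    case "$_src" in
        /dev|/dev/*) _risk "-v $1: host /dev exposed; :ro does not stop writes to the device nodes" ;;
    esac
}

# --mount key=value spec: same rule, looking at source=/src=.
_check_mount() {
    case ",$1," in
        *,source=/dev,*|*,source=/dev/*|*,src=/dev,*|*,src=/dev/*)
            _risk "--mount $1: host /dev exposed; readonly does not stop writes to the device nodes" ;;
    esac
}

# --device spec: host[:container][:perms]. Perms are the trailing r/w/m set;
# docker's default when none is given is rwm. Only a spec without w is accepted.
_check_device() {
    [ -n "$1" ] || return 0
    _perms=${1##*:}
    case "$_perms" in
        [rwm]|[rwm][rwm]|[rwm][rwm][rwm]) ;;   # explicit permissions present
        *) _perms=rwm ;;                       # docker default
    esac
    case "$_perms" in
        *w*) _risk "--device $1: writable (perms=$_perms); use :r unless writes are required" ;;
    esac
}

audit_docker_run() {
    _findings=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --privileged)
                _risk "--privileged: all capabilities and all host devices"
                shift; continue ;;
            -v|--volume|--mount|--device)          # value is the next argument
                _opt=$1; _val=${2-}; shift ;;
            -v=*|--volume=*|--mount=*|--device=*)  # --opt=value form
                _opt=${1%%=*}; _val=${1#*=} ;;
            *)  shift; continue ;;                 # not a device-exposure option
        esac
        case "$_opt" in
            -v|--volume) _check_volume "$_val" ;;
            --mount)     _check_mount "$_val" ;;
            --device)    _check_device "$_val" ;;
        esac
        [ $# -gt 0 ] && shift
    done
    [ "$_findings" -eq 0 ]
}

# Constructed command lines for demonstration (docker is never called).
audit_docker_run --privileged alpine                     || echo "  -> rejected"
audit_docker_run -v /dev:/dev:ro alpine                  || echo "  -> rejected"
audit_docker_run --device /dev/sda alpine                || echo "  -> rejected"
audit_docker_run --device /dev/sda:r -v /data:/data:ro alpine && echo "clean: --device ...:r and a bind outside /dev"
```

The check treats `:r` as the only safe `--device` permission set; `:rm` (read plus mknod) is also free of `w`, and in practice the cgroup rule still denies writes to such a node, so it passes too. Run the script as-is to see the four constructed command lines classified.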