With namespace inside of the container the processor is run by root, while outside of the container the processor is not root. So it would appears as "root" to elasticsearch and be wrongfully terminated.
Even without namespace, the docker container can only access storage mounted to the container, share of cpu/memory assigned to the container. This root user would be much safer than, for example, ec2-user in most cases.
It's simply wrong that a user must be unsafe just because it's called "root". And vice-versa. The decision should be made by the people making the deployments.