With chroot enabled (the default):
– the auto trust anchor file /var/lib/unbound/root.key is not available
– unbound has no access to /dev/random for entropy source
I don't think those problems can be solved in an elegant way and don't
think there is a big risk running this without a chroot.
chroot can always be enabled in a custom configuration