You can use bind
mounts to make these all point to the same place. For example:
mount --bind /var/cache/apt/archives /var/lib/lxc/foo/rootfs/var/cache/apt/archives
This blog post and this forum post talks about this solution in more detail.
A symlink wouldn't be a security hole, it simply wouldn't work, because from within the container a symlink to /var/cache/apt/archives
would point at a location inside the container filesystem.