If a relay requires auth, then yes — it could sniff some information. As for the other points:

– The welcome event is wrapped in a NIP-17 DM, so it’s not linked to the MLS group.

– Group IDs can be rotated, even per message.

– IPs can be hidden by using the Tor network.

Also, some information can be obtained from the req, but auth is required to identify the sender.