I got curious so did some digging:
https://github.com/noosphere888/Whirlpool/blob/main/THEORY.md#chaumian-coinjoin
> The users anonymously reconnect, unblind their output addresses, and return them to the server. The server can see that all the outputs were signed by it and so all the outputs had to come from valid participants. Later people reconnect and sign.
Seems like "anonymous reconnects" are what guarantees that the coordinator cannot deanonymize the CJ. A client should never unblind their output unless they see all other blinded outputs signed already there.
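
The blind-sign, reconnect, unblind flow from the quoted passage, as an added example that is not part of this comment or of Whirlpool's code. It assumes textbook RSA blind signatures with a toy key; every function name and address here is constructed for illustration.

```python
import hashlib
import math
import secrets

# Toy coordinator key built from two Mersenne primes (assumption; far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # coordinator's private exponent

def digest(address: str) -> int:
    """Hash an output address into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(address.encode()).digest(), "big") % N

def blind(address: str):
    """Client, first connection: hide the address behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (digest(address) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Coordinator: signs a value it cannot read."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Client, after reconnecting anonymously: strip r to get a plain signature."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(address: str, sig: int) -> bool:
    """Coordinator, output registration: was this address signed by my key?"""
    return pow(sig, E, N) == digest(address)

def candidate_factor(blinded: int, address: str) -> int:
    """Coordinator's view: an r exists that maps ANY address to ANY blinded value,
    so the signing transcript alone does not single out an owner."""
    return pow(blinded * pow(digest(address), -1, N) % N, D, N)

def run_round(addresses):
    """Return (what the coordinator saw while signing, shuffled output registrations)."""
    seen, outputs = [], []
    for addr in addresses:
        blinded, r = blind(addr)
        blind_sig = sign_blinded(blinded)
        seen.append((blinded, blind_sig))
        outputs.append((addr, unblind(blind_sig, r)))
    secrets.SystemRandom().shuffle(outputs)  # models arrival order after reconnecting
    return seen, outputs

if __name__ == "__main__":
    seen, outs = run_round(["constructed-addr-alice", "constructed-addr-bob"])
    print("all outputs verify:", all(verify(a, s) for a, s in outs))
```

The blinding only hides the cryptographic link; the reconnect still has to happen over a fresh network identity, since timing or a reused connection would give the coordinator a link that the signature scheme cannot remove.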