The xpub issue is an issue though, should be addressed if they really are the good actors they claim to be.
Discussion
this is such tired fud
if you connect any wallet to any node other than one you control the node operator will have your xpub
this is not Samourai specific that is how most nodes work
the first screen on samourai asks if you want to connect to your own node and to enable tor
the entire samourai community is about self sovereignty and teaching others how to obtain it
plus clark moody dashboard shows that over 2% of nodes on the network are ronindojo nodes
ronin dojo nodes are the best purpose-built nodes on the market and easy to run
the Whirlpool coordinator is blind and each connection has a new tor route
txo breaks all deterministic links
the samourai team are currently decentralizing the whirlpool coordinator and making multi party txo
samourai have provided examples of other coin join implementations failing, they operate oxt which provides the same if not better blockchain analysis to the people so as to be able to understand what their actions look like
just because they write better code and provide better tools doesn’t give people the right to slander them as undercover feds 
It's just the mobile app defaulting to their node being the issue, which you didn't allude to a single time in your write-up!
Why run such a node at all?
Just force users to be sovereign or bust, why are they doing this if they're motivated by such pure intentions?
I thought they were for the streets?
it is the first thing I mentioned
the first screen asks you to connect to your own node
how do you think any wallet works for anyone who doesn’t run their own node? it is a service
why no such concern over every other wallet?
how do you go from if you use this wallet without your own node the wallet will know your xpub to they are 50% feds?
Honestly, if you need to install some software just to be private on ONE mobile wallet, why not just install electrs and be private on several supporting desktop and mobile wallets (nunchuk, electrum, sparrow, etc.)?
it is not just some software, it is a full node
ronin dojo is a debian based os & runs bitcoin, fulcrum electrum server, mempool, whirlpool & more
connect both samourai mobile and sparrow desktop to it
Run your own dojo and that addresses the issue