Even using a malicious node doesn't reveal receivers or amounts. And if you use Tor or a VPN they don't know your IP address. This leaves them with undeterminstic guessing of the sender which has been an admitted weakness of ring signatures and known thing for many years in the Monero community (it's why Monero is upgrading to FCMP later this year)

Why all this theorycrafting with best case scenario about Lightning privacy?

Most user don't use Lightning that way and bolt12 is optional and barely used. They're all on WoS, Strike, Chivo, Primal, etc

Monero provides much stronger privacy by default for the average user