Wasabi is designed in a way that the client does not trust the backend. No sensitive information is ever revealed: no xpub, no IP, no common input / output, etc.

Even if the wabisabi coordinator is run by an active adversary, the client should protect you. (those are bold claims, Wasabi is still WIP, and this architecture goal is bloody difficult to build)